package io.robe.admin.resources;

import com.codahale.metrics.annotation.Timed;
import com.google.common.base.Optional;
import io.dropwizard.auth.Auth;
import io.dropwizard.hibernate.UnitOfWork;
import io.robe.admin.hibernate.dao.ActionLogDao;
import io.robe.admin.hibernate.dao.UserDao;
import io.robe.admin.hibernate.entity.ActionLog;
import io.robe.admin.hibernate.entity.User;
import io.robe.admin.util.SystemParameterCache;
import io.robe.auth.AbstractAuthResource;
import io.robe.auth.Credentials;
import io.robe.auth.token.BasicToken;
import io.robe.auth.token.Token;
import io.robe.auth.token.TokenManager;
import io.robe.auth.token.jersey.TokenBasedAuthResponseFilter;
import io.robe.hibernate.entity.BaseEntity;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import org.hibernate.CacheMode;
import org.hibernate.FlushMode;
import org.joda.time.DateTime;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

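/**
 * JSON resource under {@code authentication} that handles login, logout, profile lookup and
 * password change for {@link User} accounts.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The stored credential is compared directly with the value the client submits, so the
 *       persisted value is either the plaintext or a digest computed on the client. NOTE(review):
 *       confirm which; a salted server-side password hash (bcrypt/scrypt/argon2) is the expected
 *       design.</li>
 *   <li>{@code logout} and {@code getProfile} return the {@link User} entity itself. Whether the
 *       password field is excluded from the JSON depends on the entity's mapping, which is not
 *       visible here. TODO confirm.</li>
 *   <li>Audit entries store {@code User.toString()}. TODO confirm that it never includes the
 *       credential.</li>
 * </ul>
 */
@Produces({"application/json"})
@Path("authentication")
@Consumes({"application/json"})
/* loaded from: input_file:io/robe/admin/resources/AuthResource.class */
public class AuthResource extends AbstractAuthResource<User> {
    private static final Logger LOGGER = LoggerFactory.getLogger(AuthResource.class);

    /** Fail limit used when USER_BLOCK_FAIL_LIMIT is absent or not a number. */
    private static final int DEFAULT_FAIL_LIMIT = 3;

    private final UserDao userDao;

    @Inject
    private ActionLogDao actionLogDao;

    /**
     * Creates the resource.
     *
     * @param userDao DAO used to look up and update users; also handed to the superclass
     */
    @Inject
    public AuthResource(UserDao userDao) {
        super(userDao);
        this.userDao = userDao;
    }

    /**
     * Authenticates a user and, on success, issues a token in a {@code Set-Cookie} header.
     *
     * <p>Each wrong password increments the user's fail count; once the count reaches the
     * {@code USER_BLOCK_FAIL_LIMIT} system parameter (default 3) the account is deactivated.
     *
     * @param httpServletRequest request whose User-Agent header and remote address are stored as
     *     token attributes
     * @param map request body; reads the {@code username} and {@code password} keys
     * @return 200 with the request map (password removed, {@code domain} added) and the token
     *     cookie; 401 on a wrong password; 500 with "User blocked." for a deactivated account
     * @throws WebApplicationException 401 when the body or username is missing or the user is
     *     unknown
     * @throws Exception declared by the original signature
     */
    @Path("login")
    @Timed
    @UnitOfWork(flushMode = FlushMode.ALWAYS)
    @POST
    public Response login(@Context HttpServletRequest httpServletRequest, Map<String, String> map) throws Exception {
        // A missing body or username gets the same answer as an unknown user instead of a
        // NullPointerException surfacing as a 500.
        if (map == null || map.get("username") == null) {
            throw new WebApplicationException(Response.Status.UNAUTHORIZED);
        }
        Optional<User> found = this.userDao.findByUsername(map.get("username"));
        if (!found.isPresent()) {
            // NOTE(review): attempts against unknown usernames are not written to the action log,
            // so they leave no audit trail in this class.
            throw new WebApplicationException(Response.Status.UNAUTHORIZED);
        }
        User user = (User) found.get();

        if (!secretsMatch(user.getPassword(), map.get("password"))) {
            if (!user.isActive()) {
                // NOTE(review): this branch tells a caller who has not proven the password that
                // the account exists and is blocked. The status and body are kept because clients
                // may depend on them; consider answering with the generic 401 instead.
                logAction(new ActionLog("LOGIN", "Blocked", user.toString(), false));
                return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity("User blocked.").build();
            }
            int failCount = user.getFailCount() + 1;
            user.setFailCount(failCount);
            // NOTE(review): the lockout is keyed on the account only; no per-client throttling
            // and no unlock path are visible in this class.
            if (failCount >= failLimit()) {
                user.setActive(false);
            }
            this.userDao.update(user);
            logAction(new ActionLog("LOGIN", "Wrong Password", user.toString(), false));
            return Response.status(Response.Status.UNAUTHORIZED).build();
        }

        if (!user.isActive()) {
            return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity("User blocked.").build();
        }

        // Attributes recorded with the token. NOTE(review): behind a reverse proxy getRemoteAddr()
        // presumably yields the proxy address; confirm how the token layer uses it.
        HashMap hashMap = new HashMap();
        hashMap.put("userAgent", httpServletRequest.getHeader("User-Agent"));
        hashMap.put("remoteAddr", httpServletRequest.getRemoteAddr());
        Token createToken = TokenManager.getInstance().createToken(user.getUserId(), user.getEmail(), DateTime.now(), hashMap);
        createToken.setExpiration(createToken.getMaxAge());

        // The request map doubles as the response entity, so the password is removed first.
        map.remove("password");
        map.put("domain", TokenBasedAuthResponseFilter.getTokenSentence("dummy"));
        user.setLastLoginTime(DateTime.now().toDate());
        user.setFailCount(0);
        logAction(new ActionLog("LOGIN", null, user.toString(), true));
        // NOTE(review): the cookie attributes (HttpOnly, Secure, SameSite) are whatever
        // getTokenSentence() emits; not visible here, confirm.
        return Response.ok().header("Set-Cookie", TokenBasedAuthResponseFilter.getTokenSentence(createToken.getTokenString())).entity(map).build();
    }

    /**
     * Compares two secrets without stopping at the first differing character.
     *
     * @param stored value held for the user; {@code null} never matches
     * @param supplied value sent by the client; {@code null} never matches
     * @return {@code true} only when both are non-null and byte-for-byte equal in UTF-8
     */
    private static boolean secretsMatch(String stored, String supplied) {
        if (stored == null || supplied == null) {
            return false;
        }
        // MessageDigest.isEqual is used instead of String.equals so that comparison time does
        // not depend on how many leading characters are correct.
        return MessageDigest.isEqual(stored.getBytes(StandardCharsets.UTF_8), supplied.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Reads the USER_BLOCK_FAIL_LIMIT system parameter.
     *
     * @return the configured limit, or {@link #DEFAULT_FAIL_LIMIT} when the value is not a number
     */
    private static int failLimit() {
        String configured = (String) SystemParameterCache.get("USER_BLOCK_FAIL_LIMIT", "3");
        try {
            return Integer.parseInt(configured);
        } catch (NumberFormatException e) {
            // The limit is parsed before the fail counter is saved, so an unparsable value would
            // otherwise abort every failed login with an exception. Fall back to the default.
            LOGGER.warn("USER_BLOCK_FAIL_LIMIT is not a number ({}); using {}", configured, DEFAULT_FAIL_LIMIT);
            return DEFAULT_FAIL_LIMIT;
        }
    }

    /**
     * Persists an audit entry, clearing its oid first so that a new row is created.
     *
     * @param actionLog entry to store
     */
    private void logAction(ActionLog actionLog) {
        actionLog.setOid(null);
        this.actionLogDao.create(actionLog);
    }

    /**
     * Records the logout time for the authenticated user and clears its permission cache.
     *
     * <p>NOTE(review): nothing here revokes the token or clears the cookie; presumably the token
     * stays valid until it expires. Confirm against the token layer.
     *
     * @param credentials authenticated caller
     * @return the user entity
     * @throws WebApplicationException 401 when the user no longer exists
     * @throws Exception declared by the original signature
     */
    @Path("logout")
    @Timed
    @UnitOfWork
    @POST
    public User logout(@Auth Credentials credentials) throws Exception {
        Optional<User> found = this.userDao.findByUsername(credentials.getUsername());
        if (!found.isPresent()) {
            throw new WebApplicationException(Response.Status.UNAUTHORIZED);
        }
        User user = (User) found.get();
        BasicToken.clearPermissionCache(credentials.getUsername());
        user.setLastLogoutTime(DateTime.now().toDate());
        return user;
    }

    /**
     * Returns the authenticated caller's own user record.
     *
     * @param credentials authenticated caller
     * @return the user entity
     * @throws WebApplicationException 401 when the user no longer exists
     */
    @GET
    @Path("profile")
    @UnitOfWork(readOnly = true, cacheMode = CacheMode.GET, flushMode = FlushMode.MANUAL)
    public User getProfile(@Auth Credentials credentials) {
        Optional<User> found = this.userDao.findByUsername(credentials.getUsername());
        if (found.isPresent()) {
            return (User) found.get();
        }
        throw new WebApplicationException(Response.Status.UNAUTHORIZED);
    }

    /**
     * Changes the authenticated caller's password after re-checking the current one.
     *
     * <p>NOTE(review): a wrong current password is neither counted nor logged here, existing
     * tokens are not invalidated after the change, and no strength rule is applied to the new
     * value.
     *
     * @param httpServletRequest current request (not used by this method)
     * @param credentials authenticated caller
     * @param map request body; reads {@code password}, {@code newPassword} and
     *     {@code newPasswordRepart}
     * @return 200 on success; 412 when the current password is wrong or the new password is
     *     missing or does not match its repetition
     * @throws WebApplicationException 404 when the user no longer exists
     */
    @Path("password")
    @Timed
    @UnitOfWork
    @POST
    public Response changePassword(@Context HttpServletRequest httpServletRequest, @Auth Credentials credentials, Map<String, String> map) {
        Optional<User> found = this.userDao.findByUsername(credentials.getUsername());
        if (!found.isPresent()) {
            throw new WebApplicationException(Response.Status.NOT_FOUND);
        }
        User user = (User) found.get();

        // A missing body is handled as "no current password supplied".
        String currentPassword = map == null ? null : map.get("password");
        if (!secretsMatch(user.getPassword(), currentPassword)) {
            return Response.status(Response.Status.PRECONDITION_FAILED).entity("Your password is incorrect.").build();
        }

        // A missing newPassword previously raised a NullPointerException; it is now rejected as
        // a mismatch so that a null credential can never be stored.
        String newPassword = map.get("newPassword");
        if (newPassword == null || !newPassword.equals(map.get("newPasswordRepart"))) {
            return Response.status(Response.Status.PRECONDITION_FAILED).entity("Your new password does not match.").build();
        }
        user.setPassword(newPassword);
        return Response.status(Response.Status.OK).entity("Your password has been updated").build();
    }
}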
