package net.orivis.auth.delegations.virtual;

import jakarta.servlet.http.HttpServletRequest;
import lombok.Generated;
import net.orivis.auth.client.LoginPassword;
import net.orivis.auth.client.entity.UserData;
import net.orivis.auth.config.AuthorizationDelegator;
import net.orivis.auth.config.AuthorizeResponse;
import net.orivis.auth.entity.RefreshToken;
import net.orivis.auth.entity.VirtualLoginPassword;
import net.orivis.auth.exception.UserIsBlockedException;
import net.orivis.auth.exception.VirtualUserAuthorizationException;
import net.orivis.auth.form.ChangePasswordForm;
import net.orivis.auth.form.RegistrationForm;
import net.orivis.auth.repository.UserDataRepository;
import net.orivis.auth.repository.VirtualLoginPasswordRepo;
import net.orivis.auth.role_validator.TokenProvider;
import net.orivis.auth.service.AuthScopeService;
import net.orivis.auth.service.LoginPasswordService;
import net.orivis.auth.service.ProfilePageService;
import net.orivis.auth.service.RefreshTokenService;
import net.orivis.auth.util.PasswordService;
import net.orivis.shared.auth_client.form.UserTokenDTO;
import net.orivis.shared.config.WebContext;
import net.orivis.shared.exceptions.AccessDeniedException;
import net.orivis.shared.exceptions.AuthorizationFailedException;
import net.orivis.shared.exceptions.ItemNotFoundException;
import net.orivis.shared.scopes.model.ScopeModel;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/orivis/auth/delegations/virtual/VirtualUserAuthorizationDelegator.class */
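/**
 * {@link AuthorizationDelegator} for "virtual" users: credentials stored in
 * {@link VirtualLoginPassword} that point at an owning {@link UserData} record.
 *
 * <p>Login is refused when the virtual credential is inactive or when the owning
 * user is blocked. Registration, password change and password reset are rejected
 * for this authentication type.
 *
 * <p>The blocked/inactive checks compare boxed {@code Boolean} values with
 * {@code equals}, never with {@code ==}. An identity comparison would silently
 * pass (fail open) for any {@code Boolean} instance that is not the canonical
 * {@code Boolean.TRUE}/{@code Boolean.FALSE} object.
 */
public class VirtualUserAuthorizationDelegator implements AuthorizationDelegator {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(VirtualUserAuthorizationDelegator.class);

    /** Value of the auth-type header that selects this delegator; also passed on as the token's auth type. */
    public static final String AUTH_TYPE_VIRTUAL = "VIRTUAL";

    /**
     * Authenticates a virtual user and issues the authorization response.
     *
     * @param httpServletRequest request the scope is resolved from
     * @param loginPassword      submitted login and password
     * @param localWebContext    bean lookup context
     * @param z                  forwarded unchanged to {@code PasswordService.toPassword} and to
     *                           {@code DirectUserLoginAuthorization.authorize}
     *                           (NOTE(review): presumably "password still needs hashing" - confirm)
     * @return the response built by {@code AuthorizeResponse.of(..., false)}
     * @throws AuthorizationFailedException      if no credential matches login + transformed password
     * @throws VirtualUserAuthorizationException if the credential is inactive or its owner record is missing
     * @throws UserIsBlockedException            if the owning user is blocked
     */
    @Override // net.orivis.auth.config.AuthorizationDelegator
    public AuthorizeResponse authorize(HttpServletRequest httpServletRequest, LoginPassword loginPassword, WebContext.LocalWebContext localWebContext, boolean z) {
        ScopeModel scopeFromRequest = ((AuthScopeService) localWebContext.getBean(AuthScopeService.class)).getScopeFromRequest(httpServletRequest, null, true);

        // NOTE(review): the credential check is a repository lookup on (login, transformed password),
        // which only works if toPassword is deterministic - confirm it is still a salted, slow hash.
        VirtualLoginPasswordRepo credentialRepo = (VirtualLoginPasswordRepo) localWebContext.getBean(VirtualLoginPasswordRepo.class);
        VirtualLoginPassword credential = credentialRepo
                .login(loginPassword.getLogin(), ((PasswordService) localWebContext.getBean(PasswordService.class)).toPassword(loginPassword.getPassword(), z))
                .orElseThrow(() -> new AuthorizationFailedException(loginPassword.getLogin()));

        // A null isActive is treated as active, as before; only an explicit false blocks the login.
        // equals() instead of == so a non-canonical Boolean cannot bypass the check.
        if (Boolean.FALSE.equals(credential.getIsActive())) {
            throw new VirtualUserAuthorizationException("User " + loginPassword.getLogin() + " is blocked");
        }

        UserDataRepository userRepo = (UserDataRepository) localWebContext.getBean(UserDataRepository.class);
        UserData owner = (UserData) userRepo.findById(credential.getUserDataId())
                .orElseThrow(() -> new VirtualUserAuthorizationException("User assigned to virtual user does not exist"));

        // A blocked owner blocks every virtual user attached to it.
        if (Boolean.TRUE.equals(owner.getBlocked())) {
            throw new UserIsBlockedException(" User owning this virtual user is blocked");
        }

        return AuthorizeResponse.of(new DirectUserLoginAuthorization(AUTH_TYPE_VIRTUAL).authorize(loginPassword, localWebContext, scopeFromRequest, z), false);
    }

    /**
     * Exchanges a refresh token for a fresh authorization by re-running {@link #authorize}.
     *
     * @param httpServletRequest request the scope is resolved from
     * @param str                the refresh token value
     * @param localWebContext    bean lookup context
     * @return the response of {@link #authorize} for the token's user
     * @throws ItemNotFoundException if the token's user (non-deleted) or its login record cannot be found
     */
    @Override // net.orivis.auth.config.AuthorizationDelegator
    public AuthorizeResponse refreshToken(HttpServletRequest httpServletRequest, String str, WebContext.LocalWebContext localWebContext) {
        // NOTE(review): findByToken's behaviour for an unknown token is not visible here;
        // if it can return null the next lines throw a NullPointerException - confirm it throws instead.
        RefreshToken findByToken = ((RefreshTokenService) localWebContext.getBean(RefreshTokenService.class)).findByToken(str);

        ProfilePageService profilePageService = (ProfilePageService) localWebContext.getBean(ProfilePageService.class);
        UserData userData = (UserData) profilePageService
                .filteredFirst(profilePageService.getFilterImpl().id(findByToken.getUserDataId()).and(profilePageService.getNotDeletedQuery()))
                .orElseThrow(() -> ItemNotFoundException.fromId(findByToken.getUserDataId()));

        // The token is validated against the scope resolved for this user before any credential is loaded.
        ((RefreshTokenService) localWebContext.getBean(RefreshTokenService.class)).validateRefreshToken(findByToken, ((AuthScopeService) localWebContext.getBean(AuthScopeService.class)).getScopeFromRequest(httpServletRequest, userData.getId(), true));

        // NOTE(review): the stored LoginPassword is replayed through authorize with z == false,
        // presumably because the stored password is already in transformed form - confirm.
        // It is loaded via LoginPasswordService while authorize queries VirtualLoginPasswordRepo;
        // verify both resolve the same virtual credential.
        return authorize(httpServletRequest, ((LoginPasswordService) localWebContext.getBean(LoginPasswordService.class)).findUserByLogin(userData.getLogin())
                .orElseThrow(() -> ItemNotFoundException.fromId("Login Password not found: " + userData.getLogin())), localWebContext, false);
    }

    /**
     * Tells whether this delegator should handle the request.
     *
     * <p>The decision is based solely on a request header, which the client controls; it selects
     * the delegator and is not evidence of identity.
     *
     * @return {@code true} when the auth-type header equals {@link #AUTH_TYPE_VIRTUAL}
     */
    @Override // net.orivis.auth.config.AuthorizationDelegator
    public boolean shouldAuthorize(HttpServletRequest httpServletRequest, WebContext.LocalWebContext localWebContext) {
        boolean virtualRequested = AUTH_TYPE_VIRTUAL.equals(httpServletRequest.getHeader(AuthorizationDelegator.AUTH_TYPE_HEADER));
        if (virtualRequested) {
            log.debug("Header AUTH-TYPE declares to use VirtualUserAuth");
        } else {
            log.debug("Header AUTH-TYPE declares not to use VirtualUserAuth");
        }
        return virtualRequested;
    }

    /**
     * Reports success without changing any state.
     *
     * <p>NOTE(review): nothing is blocked here; callers that read {@code true} as "user is now
     * blocked" should confirm the block is enforced elsewhere.
     */
    @Override // net.orivis.auth.config.AuthorizationDelegator
    public boolean blockUser(boolean z, Long l, WebContext.LocalWebContext localWebContext) {
        return true;
    }

    /**
     * Removes the auth token for the virtual auth type in the given scope.
     *
     * @param str the token to remove
     * @return always {@code true}
     */
    @Override // net.orivis.auth.config.AuthorizationDelegator
    public boolean logout(String str, WebContext.LocalWebContext localWebContext, ScopeModel scopeModel) {
        ((TokenProvider) localWebContext.getBean(TokenProvider.class)).removeAuthToken(str, AUTH_TYPE_VIRTUAL, scopeModel);
        return true;
    }

    /**
     * Self-registration is not available for virtual users.
     *
     * @throws AccessDeniedException always
     */
    @Override // net.orivis.auth.config.AuthorizationDelegator
    public boolean register(RegistrationForm registrationForm, WebContext.LocalWebContext localWebContext, ScopeModel scopeModel, Long l) {
        throw new AccessDeniedException("registering virtual users is not possible");
    }

    /**
     * Validates a token and rejects it when its user is blocked.
     *
     * @throws UserIsBlockedException if the token's user data is flagged as blocked
     */
    @Override // net.orivis.auth.config.AuthorizationDelegator
    public void validate(UserTokenDTO userTokenDTO, WebContext.LocalWebContext localWebContext) {
        userTokenDTO.validate(localWebContext);
        // equals() instead of == so a non-canonical Boolean cannot let a blocked user through.
        if (Boolean.TRUE.equals(userTokenDTO.getUserData().getBlocked())) {
            throw new UserIsBlockedException("User is blocked");
        }
    }

    /**
     * Password change is not available for virtual users.
     *
     * @throws AccessDeniedException always
     */
    @Override // net.orivis.auth.config.AuthorizationDelegator
    public boolean changePassword(HttpServletRequest httpServletRequest, WebContext.LocalWebContext localWebContext, ChangePasswordForm changePasswordForm, ScopeModel scopeModel) {
        throw new AccessDeniedException("changing password of virtual users is not possible");
    }

    /**
     * Password reset is not available for virtual users.
     *
     * @throws AccessDeniedException always
     */
    @Override // net.orivis.auth.config.AuthorizationDelegator
    public String forgetPassword(HttpServletRequest httpServletRequest, WebContext.LocalWebContext localWebContext, String str) {
        throw new AccessDeniedException("forget password of virtual users is not possible");
    }
}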
