package net.orivis.auth.delegations.phone;

import jakarta.servlet.http.HttpServletRequest;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Date;
import java.util.Objects;
import java.util.stream.Stream;
import lombok.Generated;
import net.orivis.auth.client.LoginPassword;
import net.orivis.auth.client.TwillioClient;
import net.orivis.auth.client.entity.UserData;
import net.orivis.auth.config.AuthorizationDelegator;
import net.orivis.auth.config.AuthorizeResponse;
import net.orivis.auth.delegations.simple.DefaultAuthorizationDelegator;
import net.orivis.auth.delegations.simple.SimplePhoneAuthorization;
import net.orivis.auth.entity.RefreshToken;
import net.orivis.auth.exception.PhoneAuthorizationCodeException;
import net.orivis.auth.form.ChangePasswordForm;
import net.orivis.auth.form.RegistrationForm;
import net.orivis.auth.model.PhoneAuthorizationCodes;
import net.orivis.auth.model.TempAccount;
import net.orivis.auth.repository.PhoneAuthorizationCodeRepo;
import net.orivis.auth.repository.TempAccountRepo;
import net.orivis.auth.repository.UserDataRepository;
import net.orivis.auth.service.LoginPasswordService;
import net.orivis.auth.service.PhoneAuthorizationCodeService;
import net.orivis.auth.service.ProfilePageService;
import net.orivis.auth.service.RefreshTokenService;
import net.orivis.auth.service.TempAccountService;
import net.orivis.auth.util.PasswordService;
import net.orivis.shared.config.WebContext;
import net.orivis.shared.exceptions.AccessDeniedException;
import net.orivis.shared.exceptions.AuthorizationFailedException;
import net.orivis.shared.exceptions.ItemNotFoundException;
import net.orivis.shared.exceptions.StatusException;
import net.orivis.shared.model.IDPresenter;
import net.orivis.shared.scopes.model.ScopeModel;
import net.orivis.shared.scopes.service.ScopeService;
import net.orivis.shared.servers.providers.ServerTypeProvider;
import net.orivis.shared.servers.repository.ServerConfigRepo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;

/* loaded from: input_file:net/orivis/auth/delegations/phone/PhoneAuthorizationDelegator.class */
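/**
 * Authorization delegator for the {@code phone} auth type: a short numeric code is issued for a
 * login (the phone number) and later presented in place of a password.
 *
 * <p>Security notes, limited to what this class itself shows:
 * <ul>
 *   <li>Codes are 6 decimal digits and are reused until they expire (see {@link #createCode}).
 *       This class keeps no failed-attempt counter; guessing must be throttled elsewhere.</li>
 *   <li>{@link #authorize} does not mark a code as used, so a code stays valid until its expiry
 *       date unless another component invalidates it.</li>
 *   <li>Only {@link #resendCode} enforces a minimum delay between sends. Direct calls to
 *       {@link #requestAuthorization} trigger a send each time when SMS sending is enabled.</li>
 * </ul>
 */
public class PhoneAuthorizationDelegator extends DefaultAuthorizationDelegator {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(PhoneAuthorizationDelegator.class);
    public static final String AUTH_TYPE_PHONE = "phone";

    /** Fixed failure text so that a submitted credential is never copied into an exception. */
    private static final String INVALID_CODE_MESSAGE = "Phone authorization code is invalid or expired";

    /**
     * Authorizes a login by matching the submitted code against an unexpired stored code.
     *
     * @param httpServletRequest request carrying the scope header
     * @param loginPassword login (phone number) and the submitted code in the password field
     * @param localWebContext bean and configuration lookup
     * @param z passed through unchanged to {@code SimplePhoneAuthorization.authorize}
     * @return the response built from {@code SimplePhoneAuthorization}
     * @throws AuthorizationFailedException if no unexpired code matches or the user is blocked
     * @throws ItemNotFoundException if no user exists for the login
     */
    @Override // net.orivis.auth.delegations.simple.DefaultAuthorizationDelegator, net.orivis.auth.config.AuthorizationDelegator
    public AuthorizeResponse authorize(HttpServletRequest httpServletRequest, LoginPassword loginPassword, WebContext.LocalWebContext localWebContext, boolean z) {
        PhoneAuthorizationCodeRepo codeRepo = (PhoneAuthorizationCodeRepo) localWebContext.getBean(PhoneAuthorizationCodeRepo.class);
        // The failure message used to be loginPassword.getPassword(), which placed the submitted
        // secret into the exception and therefore into whatever logs or returns it.
        // NOTE(review): the lookup does not filter on "type", and the matched code is not
        // consumed here, so it can be presented again until expiryDate - confirm intended.
        codeRepo.filteredFirst(
                localWebContext.getDataFilterProvider().eq("login", loginPassword.getLogin())
                        .and(localWebContext.getDataFilterProvider().eq("code", loginPassword.getPassword()))
                        .and(localWebContext.getDataFilterProvider().greater("expiryDate", new Date())))
                .orElseThrow(() -> new AuthorizationFailedException(INVALID_CODE_MESSAGE));

        UserDataRepository userRepo = (UserDataRepository) localWebContext.getBean(UserDataRepository.class);
        UserData userData = (UserData) userRepo
                .filteredFirst(localWebContext.getDataFilterProvider().eq("login", loginPassword.getLogin()))
                .orElseThrow(() -> ItemNotFoundException.fromId(loginPassword.getLogin()));

        String scopeName = httpServletRequest.getHeader(AuthorizationDelegator.AUTH_SCOPE_HEADER);
        ScopeModel scope = ((ScopeService) localWebContext.getBean(ScopeService.class)).findByName(scopeName, userData.getId(), true);
        if (userData.getBlocked().booleanValue()) {
            throw new AuthorizationFailedException("global.app.user_blocked");
        }
        return AuthorizeResponse.of(new SimplePhoneAuthorization().authorize(loginPassword, localWebContext, scope, z), false);
    }

    /**
     * Validates a refresh token for the request's scope and then re-runs {@link #authorize}.
     *
     * <p>NOTE(review): {@code authorize} requires an unexpired code equal to
     * {@code loginPassword.getPassword()}. Here the {@code LoginPassword} comes from
     * {@code LoginPasswordService}, so a refresh appears to succeed only if that stored value
     * matches a live code - confirm this is intended.
     *
     * @param httpServletRequest request carrying the scope header
     * @param str the refresh token value
     * @param localWebContext bean and configuration lookup
     * @return the response produced by {@link #authorize}
     * @throws ItemNotFoundException if the token's user or its login record is not found
     */
    @Override // net.orivis.auth.delegations.simple.DefaultAuthorizationDelegator, net.orivis.auth.config.AuthorizationDelegator
    public AuthorizeResponse refreshToken(HttpServletRequest httpServletRequest, String str, WebContext.LocalWebContext localWebContext) {
        RefreshTokenService refreshTokens = (RefreshTokenService) localWebContext.getBean(RefreshTokenService.class);
        RefreshToken findByToken = refreshTokens.findByToken(str);

        ProfilePageService profilePageService = (ProfilePageService) localWebContext.getBean(ProfilePageService.class);
        UserData userData = (UserData) profilePageService
                .filteredFirst(profilePageService.getFilterImpl().id(findByToken.getUserDataId()).and(profilePageService.getNotDeletedQuery()))
                .orElseThrow(() -> ItemNotFoundException.fromId(findByToken.getUserDataId()));

        String scopeName = httpServletRequest.getHeader(AuthorizationDelegator.AUTH_SCOPE_HEADER);
        ScopeModel scope = ((ScopeService) localWebContext.getBean(ScopeService.class)).findByName(scopeName, userData.getId(), true);
        ((RefreshTokenService) localWebContext.getBean(RefreshTokenService.class)).validateRefreshToken(findByToken, scope);

        LoginPassword stored = ((LoginPasswordService) localWebContext.getBean(LoginPasswordService.class))
                .findUserByLogin(userData.getLogin())
                .orElseThrow(() -> ItemNotFoundException.fromId("Login Password not found: " + userData.getLogin()));
        return authorize(httpServletRequest, stored, localWebContext, true);
    }

    /**
     * Decides whether this delegator handles the request.
     *
     * @param httpServletRequest request whose auth-type header is inspected
     * @param localWebContext bean and configuration lookup
     * @return {@code true} only when the auth-type header equals {@link #AUTH_TYPE_PHONE}
     * @throws AuthorizationFailedException if an active LDAP server configuration exists
     */
    @Override // net.orivis.auth.delegations.simple.DefaultAuthorizationDelegator, net.orivis.auth.config.AuthorizationDelegator
    public boolean shouldAuthorize(HttpServletRequest httpServletRequest, WebContext.LocalWebContext localWebContext) {
        // Read the header once; equals() on the constant also covers a missing header.
        String authType = httpServletRequest.getHeader(AuthorizationDelegator.AUTH_TYPE_HEADER);
        if (!AUTH_TYPE_PHONE.equals(authType)) {
            // The log text previously named DefaultAuthorizationDelegator, which misled tracing.
            log.debug("Header AUTH-TYPE declares not to use PhoneAuthorizationDelegator");
            return false;
        }
        log.debug("Header AUTH-TYPE declares to use PhoneAuthorizationDelegator");
        boolean ldapActive = ((ServerConfigRepo) localWebContext.getBean(ServerConfigRepo.class))
                .filteredFirst(localWebContext.getDataFilterProvider().eq("active", true)
                        .and(localWebContext.getDataFilterProvider().eq("type", ServerTypeProvider.LDAP)))
                .isPresent();
        if (ldapActive) {
            throw new AuthorizationFailedException("LDAP CONFIG is active. Default authorization is not possible");
        }
        return true;
    }

    /**
     * Intentionally empty: whatever form checks the superclass performs are skipped for phone
     * registration. {@link #register} replaces the form password with a generated one.
     */
    @Override // net.orivis.auth.delegations.simple.DefaultAuthorizationDelegator
    protected void validateForm(RegistrationForm registrationForm, WebContext.LocalWebContext localWebContext, ScopeModel scopeModel, Long l) {
    }

    /**
     * Completes a phone registration: checks the code stored on the temporary account, replaces
     * the form password with a random 15-character one, delegates to the superclass and enables
     * the temporary account.
     *
     * <p>NOTE(review): the temporary account's expiry date is not checked here and the code is
     * compared case-insensitively - confirm expiry is enforced elsewhere.
     *
     * @param registrationForm form whose email field holds the login and whose password field
     *     holds the submitted code
     * @param localWebContext bean and configuration lookup
     * @param scopeModel passed through to the superclass
     * @param l passed through to the superclass
     * @return always {@code true} when no exception is thrown
     * @throws ItemNotFoundException if no temporary account exists for the login
     * @throws StatusException with 400 if the submitted code does not match
     */
    @Override // net.orivis.auth.delegations.simple.DefaultAuthorizationDelegator, net.orivis.auth.config.AuthorizationDelegator
    public boolean register(RegistrationForm registrationForm, WebContext.LocalWebContext localWebContext, ScopeModel scopeModel, Long l) {
        TempAccountService tempAccountService = (TempAccountService) localWebContext.getBean(TempAccountService.class);
        // NOTE(review): m45getRepository looks like a decompiler-renamed accessor - confirm.
        TempAccount tempAccount = (TempAccount) tempAccountService.m45getRepository()
                .filteredFirst(localWebContext.getDataFilterProvider().eq("login", registrationForm.getEmail()))
                .orElseThrow(() -> ItemNotFoundException.fromId(registrationForm.getEmail()));

        // A temporary account without a code is treated as a mismatch instead of raising an NPE.
        String expectedCode = tempAccount.getCode();
        if (expectedCode == null || !expectedCode.equalsIgnoreCase(registrationForm.getPassword())) {
            throw new StatusException("user.not_verified.error", HttpStatus.BAD_REQUEST);
        }

        String generateRandomPassword = ((PasswordService) localWebContext.getBean(PasswordService.class)).generateRandomPassword(15);
        registrationForm.setPassword(generateRandomPassword);
        registrationForm.setRepeatPassword(generateRandomPassword);
        super.register(registrationForm, localWebContext, scopeModel, l);
        tempAccount.setEnabled(true);
        tempAccountService.save(tempAccount);
        return true;
    }

    /** Phone accounts have no user-chosen password, so changing it is always refused. */
    @Override // net.orivis.auth.delegations.simple.DefaultAuthorizationDelegator, net.orivis.auth.config.AuthorizationDelegator
    public boolean changePassword(HttpServletRequest httpServletRequest, WebContext.LocalWebContext localWebContext, ChangePasswordForm changePasswordForm, ScopeModel scopeModel) {
        throw new AccessDeniedException("global.phone_authorization_is_not_able_to_change_password");
    }

    /** Password recovery is always refused for phone authorization. */
    @Override // net.orivis.auth.delegations.simple.DefaultAuthorizationDelegator, net.orivis.auth.config.AuthorizationDelegator
    public String forgetPassword(HttpServletRequest httpServletRequest, WebContext.LocalWebContext localWebContext, String str) {
        throw new AccessDeniedException("global.phone_authorization_is_not_able_to_restore");
    }

    /**
     * Issues (or re-issues) an authorization code for an existing, unblocked user and sends it
     * when SMS sending is enabled.
     *
     * <p>The distinct exceptions for "unknown login" and "blocked" let a caller tell whether a
     * login exists. No send delay is enforced on this path.
     *
     * @param httpServletRequest request carrying the scope header
     * @param localWebContext bean and configuration lookup
     * @param str the login (phone number)
     * @return always {@code true} when no exception is thrown
     * @throws AuthorizationFailedException if the scope has no rule or disallows phone operations
     * @throws ItemNotFoundException if the scope or the user is not found
     * @throws AccessDeniedException if the user is blocked
     */
    @Override // net.orivis.auth.config.AuthorizationDelegator
    public boolean requestAuthorization(HttpServletRequest httpServletRequest, WebContext.LocalWebContext localWebContext, String str) {
        String header = httpServletRequest.getHeader(AuthorizationDelegator.AUTH_SCOPE_HEADER);
        ScopeService scopeService = (ScopeService) localWebContext.getBean(ScopeService.class);
        ScopeModel scopeModel = (ScopeModel) scopeService.getRepository()
                .filteredFirst(scopeService.getFilterImpl().eq("name", header))
                .orElseThrow(() -> ItemNotFoundException.fromId(header));
        if (scopeModel.getScopeRule() == null || !scopeModel.getScopeRule().getAllowPhoneOperations().booleanValue()) {
            throw new AuthorizationFailedException("global.scope_does_not_allow_phone_operations");
        }

        UserData user = ((UserDataRepository) localWebContext.getBean(UserDataRepository.class))
                .findByLogin(str)
                .orElseThrow(() -> ItemNotFoundException.fromId(str));
        if (user.getBlocked().booleanValue()) {
            throw new AccessDeniedException("global.user_is_blocked");
        }

        String code = createCode(str, localWebContext, PhoneAuthorizationCodes.AUTHORIZATION);
        if (isSmsEnabled(localWebContext)) {
            sendCode(PhoneAuthorizationCodes.AUTHORIZATION, code, user, localWebContext);
        }
        return true;
    }

    /**
     * Starts a phone registration: validates the request, stores a disabled temporary account
     * holding a registration code and sends the code when SMS sending is enabled.
     *
     * <p>NOTE(review): validation works on the trimmed login while the untrimmed value is stored
     * and used for the duplicate check - confirm callers normalise the login first.
     *
     * @param httpServletRequest request carrying the scope header
     * @param localWebContext bean and configuration lookup
     * @param str the login (phone number) to register
     * @return always {@code true} when no exception is thrown
     * @throws StatusException with 400 if a temporary account already exists for the login
     */
    @Override // net.orivis.auth.config.AuthorizationDelegator
    public boolean requestRegistration(HttpServletRequest httpServletRequest, WebContext.LocalWebContext localWebContext, String str) {
        validatePhoneRegistration(httpServletRequest, localWebContext, str);
        TempAccountService tempAccountService = (TempAccountService) localWebContext.getBean(TempAccountService.class);
        if (tempAccountService.m45getRepository().exists(localWebContext.getDataFilterProvider().eq("login", str))) {
            throw new StatusException("global.app_request_was_already_done", HttpStatus.BAD_REQUEST);
        }

        String code = createCode(str, localWebContext, PhoneAuthorizationCodes.REGISTRATION);
        TempAccount tempAccount = new TempAccount();
        tempAccount.setLogin(str);
        tempAccount.setCode(code);
        tempAccount.setEnabled(false);
        tempAccount.setExpiryDate(getAccountExpiry(localWebContext));
        tempAccountService.save(tempAccount);

        // No user exists yet; a transient UserData only carries the login to sendCode.
        UserData recipient = new UserData();
        recipient.setLogin(str);
        if (isSmsEnabled(localWebContext)) {
            sendCode(PhoneAuthorizationCodes.REGISTRATION, code, recipient, localWebContext);
        }
        return true;
    }

    /**
     * Re-sends a code of the given type, refusing when the login's current unexpired code was
     * last updated less than the configured resend delay ago.
     *
     * @param httpServletRequest request carrying the scope header
     * @param localWebContext bean and configuration lookup
     * @param str the login (phone number)
     * @param str2 the code type, {@code PhoneAuthorizationCodes.AUTHORIZATION} or
     *     {@code PhoneAuthorizationCodes.REGISTRATION}
     * @return always {@code true} when no exception is thrown
     * @throws PhoneAuthorizationCodeException if the delay has not elapsed or the type is unknown
     */
    @Override // net.orivis.auth.config.AuthorizationDelegator
    public boolean resendCode(HttpServletRequest httpServletRequest, WebContext.LocalWebContext localWebContext, String str, String str2) {
        PhoneAuthorizationCodes current = (PhoneAuthorizationCodes) ((PhoneAuthorizationCodeRepo) localWebContext.getBean(PhoneAuthorizationCodeRepo.class))
                .filteredFirst(localWebContext.getDataFilterProvider().eq("login", str)
                        .and(localWebContext.getDataFilterProvider().greater("expiryDate", new Date())))
                .orElse(null);
        if (current != null && new Date().before(getCodeResendTime(current.getUpdated(), localWebContext))) {
            throw new PhoneAuthorizationCodeException("resend.code.failed.insufficient.time.since.last.send");
        }

        if (PhoneAuthorizationCodes.AUTHORIZATION.equals(str2)) {
            return requestAuthorization(httpServletRequest, localWebContext, str);
        }
        if (!PhoneAuthorizationCodes.REGISTRATION.equals(str2)) {
            throw new PhoneAuthorizationCodeException("unsupported.type: " + str2);
        }

        validatePhoneRegistration(httpServletRequest, localWebContext, str);
        TempAccount tempAccount = (TempAccount) ((TempAccountService) localWebContext.getBean(TempAccountService.class)).findByLogin(str);
        String code = createCode(str, localWebContext, PhoneAuthorizationCodes.REGISTRATION);
        tempAccount.setCode(code);
        ((TempAccountRepo) localWebContext.getBean(TempAccountRepo.class)).save(tempAccount);

        UserData recipient = new UserData();
        recipient.setLogin(str);
        // Honour the SMS switch here as well; the other two send paths already check it.
        if (isSmsEnabled(localWebContext)) {
            sendCode(PhoneAuthorizationCodes.REGISTRATION, code, recipient, localWebContext);
        }
        return true;
    }

    /**
     * Sends the code message through {@code TwillioClient}.
     *
     * <p>NOTE(review): the second argument given to {@code send} is the code itself, and
     * {@code userData} (which carries the login) is never read on this path. If {@code send}
     * expects the destination number there, this should be {@code userData.getLogin()} -
     * confirm against {@code TwillioClient}.
     *
     * @param str the code type (unused here)
     * @param str2 the code to deliver
     * @param userData the recipient; only forwarded to {@link #getMessage}
     * @param localWebContext supplies the web context for the client
     */
    public void sendCode(String str, String str2, UserData userData, WebContext.LocalWebContext localWebContext) {
        String message = getMessage(str2, userData, localWebContext);
        new TwillioClient(localWebContext.getWebContext()).send(message, str2);
    }

    /**
     * Builds the message text for a code.
     *
     * @param str the code
     * @param userData unused by this implementation
     * @param localWebContext unused by this implementation
     * @return {@code "code is "} followed by the code
     */
    public String getMessage(String str, UserData userData, WebContext.LocalWebContext localWebContext) {
        return "code is " + str;
    }

    /**
     * Returns the unexpired code of the given type for a login, creating one if none exists.
     *
     * <p>An existing code is reused with only its {@code updated} timestamp refreshed; its expiry
     * date is left as it was. A new code is 6 characters drawn from the decimal digits.
     * NOTE(review): the randomness source of {@code PasswordService.generateRandomKey} is not
     * visible here - confirm it is a secure generator.
     *
     * @param str the login (phone number)
     * @param localWebContext bean and configuration lookup
     * @param str2 the code type
     * @return the code value
     */
    public String createCode(String str, WebContext.LocalWebContext localWebContext, String str2) {
        PhoneAuthorizationCodeRepo codeRepo = (PhoneAuthorizationCodeRepo) localWebContext.getBean(PhoneAuthorizationCodeRepo.class);
        PhoneAuthorizationCodes entry = (PhoneAuthorizationCodes) codeRepo
                .filteredFirst(localWebContext.getDataFilterProvider().eq("login", str)
                        .and(localWebContext.getDataFilterProvider().greater("expiryDate", new Date())
                                .and(localWebContext.getDataFilterProvider().eq("type", str2))))
                .orElseGet(PhoneAuthorizationCodes::new);

        // A null id marks the freshly constructed fallback, i.e. no stored code was found.
        if (entry.getId() == null) {
            entry.setCode(PasswordService.generateRandomKey(6, "0123456789"));
            entry.setExpiryDate(getExpireDate(localWebContext));
            entry.setLogin(str);
            entry.setType(str2);
        }
        entry.setUpdated(new Date());
        codeRepo.save(entry);
        return entry.getCode();
    }

    /**
     * @param localWebContext configuration lookup
     * @return now plus {@code global.app.phone_sms_duration_in_minutes} (default 15) minutes
     */
    public Date getExpireDate(WebContext.LocalWebContext localWebContext) {
        return plusMinutes(new Date(), ((Integer) localWebContext.getEnv("global.app.phone_sms_duration_in_minutes", 15)).intValue());
    }

    /**
     * @param localWebContext configuration lookup
     * @return now plus {@code global.app.temp.account.expiry.duration} (default 1440) minutes
     */
    public Date getAccountExpiry(WebContext.LocalWebContext localWebContext) {
        return plusMinutes(new Date(), ((Integer) localWebContext.getEnv("global.app.temp.account.expiry.duration", 1440)).intValue());
    }

    /**
     * @param date the time the code was last updated
     * @param localWebContext configuration lookup
     * @return {@code date} plus {@code global.app.phone.code.resend.delay.minutes} (default 3)
     */
    public Date getCodeResendTime(Date date, WebContext.LocalWebContext localWebContext) {
        return plusMinutes(date, ((Integer) localWebContext.getEnv("global.app.phone.code.resend.delay.minutes", 3)).intValue());
    }

    /** Returns {@code start} shifted by the given number of minutes. */
    private static Date plusMinutes(Date start, int minutes) {
        Calendar calendar = Calendar.getInstance();
        calendar.setTime(start);
        // Calendar.MINUTE replaces the bare field number 12 used before.
        calendar.add(Calendar.MINUTE, minutes);
        return calendar.getTime();
    }

    /** Reads the SMS switch from {@code PhoneAuthorizationCodeService}. */
    private static boolean isSmsEnabled(WebContext.LocalWebContext localWebContext) {
        return ((PhoneAuthorizationCodeService) localWebContext.getBean(PhoneAuthorizationCodeService.class)).isSendSmsEnabled().booleanValue();
    }

    /**
     * Checks that the scope permits phone registration, that the login starts with an allowed
     * country code and that no user already has this login.
     *
     * @param httpServletRequest request carrying the scope header
     * @param localWebContext bean and configuration lookup
     * @param str the login (phone number); trimmed before the checks
     * @throws ItemNotFoundException if the scope is not found
     * @throws AuthorizationFailedException if the scope disallows phone registration
     * @throws AccessDeniedException if the country code is not allowed or the user exists
     */
    private void validatePhoneRegistration(HttpServletRequest httpServletRequest, WebContext.LocalWebContext localWebContext, String str) {
        String trim = str.trim();
        String header = httpServletRequest.getHeader(AuthorizationDelegator.AUTH_SCOPE_HEADER);
        ScopeService scopeService = (ScopeService) localWebContext.getBean(ScopeService.class);
        ScopeModel scopeModel = (ScopeModel) scopeService.getRepository()
                .filteredFirst(scopeService.getFilterImpl().eq("name", header))
                .orElseThrow(() -> ItemNotFoundException.fromId(header));
        if (scopeModel.getScopeRule() == null
                || !scopeModel.getScopeRule().getAllowPhoneOperations().booleanValue()
                || !scopeModel.getScopeRule().getRegistrationAllowed().booleanValue()) {
            throw new AuthorizationFailedException("global.scope_does_not_allow_phone_operations_to_register");
        }

        String allowedPrefixes = (String) localWebContext.getEnv("global.app.allowed.country.codes.for.registration", "*");
        if (!allowedPrefixes.equals("*") && !allowedPrefixes.isEmpty()) {
            // split() yields an empty first token when the setting starts with whitespace, and
            // every string starts with "", which silently disabled the allow-list. Empty tokens
            // are dropped so a malformed setting fails closed.
            boolean prefixAllowed = Arrays.stream(allowedPrefixes.split("\\s+"))
                    .filter(prefix -> !prefix.isEmpty())
                    .anyMatch(trim::startsWith);
            if (!prefixAllowed) {
                throw new AccessDeniedException("global.registration_not_allowed_for_country_code");
            }
        }

        if (((UserDataRepository) localWebContext.getBean(UserDataRepository.class)).findByLogin(trim).isPresent()) {
            throw new AccessDeniedException("global.user_is_already_registered");
        }
    }
}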
