package org.apache.streampipes.rest.impl;

import java.util.HashMap;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;
import org.apache.streampipes.commons.exceptions.UserNotFoundException;
import org.apache.streampipes.commons.exceptions.UsernameAlreadyTakenException;
import org.apache.streampipes.config.backend.BackendConfig;
import org.apache.streampipes.config.backend.model.GeneralConfig;
import org.apache.streampipes.model.client.user.JwtAuthenticationResponse;
import org.apache.streampipes.model.client.user.LoginRequest;
import org.apache.streampipes.model.client.user.RegistrationData;
import org.apache.streampipes.model.client.user.UserAccount;
import org.apache.streampipes.model.message.ErrorMessage;
import org.apache.streampipes.model.message.NotificationType;
import org.apache.streampipes.model.message.Notifications;
import org.apache.streampipes.model.message.SuccessMessage;
import org.apache.streampipes.rest.core.base.impl.AbstractRestResource;
import org.apache.streampipes.rest.shared.annotation.GsonWithIds;
import org.apache.streampipes.rest.shared.annotation.JacksonSerialized;
import org.apache.streampipes.user.management.jwt.JwtTokenProvider;
import org.apache.streampipes.user.management.model.PrincipalUserDetails;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;

@Path("/v2/auth")
/* loaded from: input_file:BOOT-INF/lib/streampipes-rest-0.69.0.jar:org/apache/streampipes/rest/impl/Authentication.class */
public class Authentication extends AbstractRestResource {

    @Autowired
    AuthenticationManager authenticationManager;

    @Path(DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL)
    @Consumes({"application/json"})
    @Produces({"application/json"})
    @POST
    @JacksonSerialized
    public Response doLogin(LoginRequest loginRequest) {
        try {
            org.springframework.security.core.Authentication authenticate = this.authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(loginRequest.getUsername(), loginRequest.getPassword()));
            SecurityContextHolder.getContext().setAuthentication(authenticate);
            return processAuth(authenticate);
        } catch (BadCredentialsException e) {
            return unauthorized();
        }
    }

    @GET
    @Path("/token/renew")
    @Consumes({"application/json"})
    @Produces({"application/json"})
    @JacksonSerialized
    public Response doLogin() {
        try {
            return processAuth(SecurityContextHolder.getContext().getAuthentication());
        } catch (BadCredentialsException e) {
            return ok(new ErrorMessage(NotificationType.LOGIN_FAILED.uiNotification()));
        }
    }

    @Path("/register")
    @Consumes({"application/json"})
    @GsonWithIds
    @POST
    @Produces({"application/json"})
    public Response doRegister(RegistrationData registrationData) {
        GeneralConfig generalConfig = BackendConfig.INSTANCE.getGeneralConfig();
        if (!generalConfig.isAllowSelfRegistration()) {
            throw new WebApplicationException(Response.Status.FORBIDDEN);
        }
        registrationData.setRoles(generalConfig.getDefaultUserRoles());
        try {
            getSpResourceManager().manageUsers().registerUser(registrationData);
            return ok(new SuccessMessage(NotificationType.REGISTRATION_SUCCESS.uiNotification()));
        } catch (UsernameAlreadyTakenException e) {
            return badRequest(Notifications.error("This email address already exists. Please choose another address."));
        }
    }

    @POST
    @Produces({"application/json"})
    @Path("restore/{username}")
    public Response sendPasswordRecoveryLink(@PathParam("username") String str) {
        try {
            getSpResourceManager().manageUsers().sendPasswordRecoveryLink(str);
            return ok(new SuccessMessage(NotificationType.PASSWORD_RECOVERY_LINK_SENT.uiNotification()));
        } catch (UserNotFoundException e) {
            return ok();
        } catch (Exception e2) {
            return badRequest();
        }
    }

    @GET
    @Path("settings")
    @Produces({"application/json"})
    @JacksonSerialized
    public Response getAuthSettings() {
        GeneralConfig generalConfig = BackendConfig.INSTANCE.getGeneralConfig();
        HashMap hashMap = new HashMap();
        hashMap.put("allowSelfRegistration", Boolean.valueOf(generalConfig.isAllowSelfRegistration()));
        hashMap.put("allowPasswordRecovery", Boolean.valueOf(generalConfig.isAllowPasswordRecovery()));
        return ok(hashMap);
    }

    private Response processAuth(org.springframework.security.core.Authentication authentication) {
        if (((PrincipalUserDetails) authentication.getPrincipal()).getDetails() instanceof UserAccount) {
            return ok(makeJwtResponse(authentication));
        }
        throw new BadCredentialsException("Could not create auth token");
    }

    private JwtAuthenticationResponse makeJwtResponse(org.springframework.security.core.Authentication authentication) {
        return JwtAuthenticationResponse.from(new JwtTokenProvider().createToken(authentication));
    }
}
