package org.thingsboard.server.controller;

import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ObjectNode;
import javax.servlet.http.HttpServletRequest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpStatus;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.ResponseStatus;
import org.springframework.web.bind.annotation.RestController;
import org.thingsboard.rule.engine.api.MailService;
import org.thingsboard.server.common.data.EntityType;
import org.thingsboard.server.common.data.User;
import org.thingsboard.server.common.data.audit.ActionType;
import org.thingsboard.server.common.data.exception.ThingsboardErrorCode;
import org.thingsboard.server.common.data.exception.ThingsboardException;
import org.thingsboard.server.common.data.id.CustomerId;
import org.thingsboard.server.common.data.id.TenantId;
import org.thingsboard.server.common.data.id.UserId;
import org.thingsboard.server.common.data.page.TextPageData;
import org.thingsboard.server.common.data.page.TextPageLink;
import org.thingsboard.server.common.data.security.Authority;
import org.thingsboard.server.common.data.security.UserCredentials;
import org.thingsboard.server.config.ThingsboardSecurityConfiguration;
import org.thingsboard.server.service.security.auth.jwt.RefreshTokenRepository;
import org.thingsboard.server.service.security.model.SecurityUser;
import org.thingsboard.server.service.security.model.UserPrincipal;
import org.thingsboard.server.service.security.model.token.AccessJwtToken;
import org.thingsboard.server.service.security.model.token.JwtToken;
import org.thingsboard.server.service.security.model.token.JwtTokenFactory;
import org.thingsboard.server.service.security.permission.Operation;
import org.thingsboard.server.service.security.permission.Resource;

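// Decompiled from: input_file:org/thingsboard/server/controller/UserController.class
/**
 * REST endpoints under {@code /api} for reading, creating, updating and deleting users,
 * for (re)issuing activation links, and for minting JWT tokens on behalf of another user.
 *
 * <p>Every handler is gated by a {@code @PreAuthorize} authority list and then by a
 * per-entity check ({@code checkUserId}, {@code checkCustomerId} or
 * {@code accessControlService.checkPermission}). Those helpers, together with
 * {@code userService}, {@code handleException}, {@code logEntityAction},
 * {@code constructBaseUrl} and {@code createPageLink}, come from {@code BaseController}
 * and are not visible in this file.
 *
 * <p>NOTE(review): this source was decompiled, so Java parameter names are synthetic
 * ({@code str}, {@code z}, {@code i}, ...). A {@code @RequestParam} without an explicit
 * name binds by Java parameter name, so every unnamed request parameter below should be
 * given its explicit name from the published API contract before this class is rebuilt.
 */
@RequestMapping({"/api"})
@RestController
public class UserController extends BaseController {
    public static final String USER_ID = "userId";
    public static final String YOU_DON_T_HAVE_PERMISSION_TO_PERFORM_THIS_OPERATION = "You don't have permission to perform this operation!";
    // The activation token travels in the query string, so it can end up in proxy and
    // access logs and in browser history; treat those stores as sensitive.
    public static final String ACTIVATE_URL_PATTERN = "%s/api/noauth/activate?activateToken=%s";

    // Shared mapper for building small JSON responses instead of allocating one per request.
    private static final ObjectMapper JSON_MAPPER = new ObjectMapper();

    // Global switch for the impersonation endpoint (getUserToken).
    @Value("${security.user_token_access_enabled}")
    private boolean userTokenAccessEnabled;

    @Autowired
    private MailService mailService;

    @Autowired
    private JwtTokenFactory tokenFactory;

    @Autowired
    private RefreshTokenRepository refreshTokenRepository;

    /**
     * Returns the user with the given id.
     *
     * @param str user id taken from the path, converted with {@code toUUID}
     * @return the user returned by {@code checkUserId(id, Operation.READ)}
     * @throws ThingsboardException the exception produced by {@code handleException} on any failure
     */
    @RequestMapping(value = {"/user/{userId}"}, method = {RequestMethod.GET})
    @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN', 'CUSTOMER_USER')")
    @ResponseBody
    public User getUserById(@PathVariable("userId") String str) throws ThingsboardException {
        checkParameter(USER_ID, str);
        try {
            UserId userId = new UserId(toUUID(str));
            return checkUserId(userId, Operation.READ);
        } catch (Exception e) {
            throw handleException(e);
        }
    }

    /**
     * Reports whether the impersonation endpoint is switched on.
     *
     * @return the value injected from {@code security.user_token_access_enabled}
     */
    @RequestMapping(value = {"/user/tokenAccessEnabled"}, method = {RequestMethod.GET})
    @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN')")
    @ResponseBody
    public boolean isUserTokenAccessEnabled() {
        return this.userTokenAccessEnabled;
    }

    /**
     * Issues an access token and a refresh token for another user.
     *
     * <p>The call is refused with {@code PERMISSION_DENIED} unless
     * {@code security.user_token_access_enabled} is true; the target user is then
     * checked with {@code Operation.READ}.
     *
     * <p>NOTE(review): this hands the caller working credentials for the target account,
     * yet it is gated only by a READ check and writes no audit entry (the save and delete
     * handlers call {@code logEntityAction}; this one does not). Consider a dedicated
     * permission and an audit record for every token issued here.
     *
     * @param str user id taken from the path, converted with {@code toUUID}
     * @return a JSON object holding the access token under
     *         {@code ThingsboardSecurityConfiguration.JWT_TOKEN_QUERY_PARAM} and the
     *         refresh token under {@code "refreshToken"}
     * @throws ThingsboardException the exception produced by {@code handleException} on any failure
     */
    @RequestMapping(value = {"/user/{userId}/token"}, method = {RequestMethod.GET})
    @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN')")
    @ResponseBody
    public JsonNode getUserToken(@PathVariable("userId") String str) throws ThingsboardException {
        checkParameter(USER_ID, str);
        try {
            if (!this.userTokenAccessEnabled) {
                throw new ThingsboardException(YOU_DON_T_HAVE_PERMISSION_TO_PERFORM_THIS_OPERATION, ThingsboardErrorCode.PERMISSION_DENIED);
            }
            UserId userId = new UserId(toUUID(str));
            SecurityUser currentUser = getCurrentUser();
            User targetUser = checkUserId(userId, Operation.READ);
            // Credentials are looked up with the caller's tenant id, not the target user's.
            // NOTE(review): a null result here surfaces as a NullPointerException routed
            // through handleException - confirm that is the intended error.
            UserCredentials credentials = this.userService.findUserCredentialsByUserId(currentUser.getTenantId(), userId);
            UserPrincipal principal = new UserPrincipal(UserPrincipal.Type.USER_NAME, targetUser.getEmail());
            SecurityUser impersonated = new SecurityUser(targetUser, credentials.isEnabled(), principal);
            AccessJwtToken accessToken = this.tokenFactory.createAccessJwtToken(impersonated);
            JwtToken refreshToken = this.refreshTokenRepository.requestRefreshToken(impersonated);
            ObjectNode response = JSON_MAPPER.createObjectNode();
            response.put(ThingsboardSecurityConfiguration.JWT_TOKEN_QUERY_PARAM, accessToken.getToken());
            response.put("refreshToken", refreshToken.getToken());
            return response;
        } catch (Exception e) {
            throw handleException(e);
        }
    }

    /**
     * Creates a user (no id in the body) or updates an existing one, optionally e-mailing
     * an activation link to a newly created user.
     *
     * <p>For a {@code TENANT_ADMIN} caller the tenant id in the body is overwritten with
     * the caller's tenant before the permission check. For other authorities the body is
     * passed to {@code accessControlService.checkPermission} as submitted.
     *
     * <p>NOTE(review): {@code z} has no explicit request-parameter name; see the class note.
     *
     * @param user user to create or update, as sent by the client
     * @param z whether to send the activation e-mail when a user is created (defaults to true)
     * @param httpServletRequest current request, used to build the activation link base URL
     * @return the saved user
     * @throws ThingsboardException the exception produced by {@code handleException} on any failure
     */
    @RequestMapping(value = {"/user"}, method = {RequestMethod.POST})
    @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN', 'CUSTOMER_USER')")
    @ResponseBody
    public User saveUser(@RequestBody User user, @RequestParam(required = false, defaultValue = "true") boolean z, HttpServletRequest httpServletRequest) throws ThingsboardException {
        try {
            SecurityUser currentUser = getCurrentUser();
            if (currentUser.getAuthority() == Authority.TENANT_ADMIN) {
                // Never trust the tenant id a tenant admin puts in the request body.
                user.setTenantId(currentUser.getTenantId());
            }
            Operation operation = user.getId() == null ? Operation.CREATE : Operation.WRITE;
            this.accessControlService.checkPermission(currentUser, Resource.USER, operation, user.getId(), user);
            boolean sendActivation = user.getId() == null && z;
            User savedUser = (User) checkNotNull(this.userService.saveUser(user));
            if (sendActivation) {
                try {
                    UserCredentials credentials = this.userService.findUserCredentialsByUserId(currentUser.getTenantId(), savedUser.getId());
                    // NOTE(review): constructBaseUrl is defined outside this file. If it derives
                    // scheme or host from request headers, the host in the e-mailed link is
                    // client-influenced; confirm it is pinned to a configured base URL or that
                    // the forwarding headers are validated upstream.
                    String activateUrl = String.format(ACTIVATE_URL_PATTERN, constructBaseUrl(httpServletRequest), credentials.getActivateToken());
                    this.mailService.sendActivationEmail(activateUrl, savedUser.getEmail());
                } catch (ThingsboardException mailFailure) {
                    // Roll back the new account so no unreachable, never-activated user is left behind.
                    this.userService.deleteUser(currentUser.getTenantId(), savedUser.getId());
                    throw mailFailure;
                }
            }
            logEntityAction(savedUser.getId(), savedUser, savedUser.getCustomerId(), user.getId() == null ? ActionType.ADDED : ActionType.UPDATED, null, new Object[0]);
            return savedUser;
        } catch (Exception e) {
            // Record the failed attempt in the audit log before translating the exception.
            logEntityAction(emptyId(EntityType.USER), user, null, user.getId() == null ? ActionType.ADDED : ActionType.UPDATED, e, new Object[0]);
            throw handleException(e);
        }
    }

    /**
     * Re-sends the activation e-mail to a user who has not activated the account yet.
     *
     * <p>The user is looked up by e-mail within the caller's tenant and checked with
     * {@code Operation.READ}. An already enabled account is rejected with
     * {@code BAD_REQUEST_PARAMS}.
     *
     * @param str e-mail address used to look the user up
     * @param httpServletRequest current request, used to build the activation link base URL
     * @throws ThingsboardException the exception produced by {@code handleException} on any failure
     */
    @RequestMapping(value = {"/user/sendActivationMail"}, method = {RequestMethod.POST})
    @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN')")
    @ResponseStatus(HttpStatus.OK)
    public void sendActivationEmail(@RequestParam("email") String str, HttpServletRequest httpServletRequest) throws ThingsboardException {
        try {
            SecurityUser currentUser = getCurrentUser();
            User user = (User) checkNotNull(this.userService.findUserByEmail(currentUser.getTenantId(), str));
            this.accessControlService.checkPermission(currentUser, Resource.USER, Operation.READ, user.getId(), user);
            UserCredentials credentials = this.userService.findUserCredentialsByUserId(currentUser.getTenantId(), user.getId());
            if (credentials.isEnabled()) {
                throw new ThingsboardException("User is already active!", ThingsboardErrorCode.BAD_REQUEST_PARAMS);
            }
            String activateUrl = String.format(ACTIVATE_URL_PATTERN, constructBaseUrl(httpServletRequest), credentials.getActivateToken());
            // Deliver the token to the address stored on the account (as saveUser does),
            // not to the raw request parameter, so a loosely matching lookup cannot
            // redirect the activation link.
            this.mailService.sendActivationEmail(activateUrl, user.getEmail());
        } catch (Exception e) {
            throw handleException(e);
        }
    }

    /**
     * Returns the activation link of a user who has not activated the account yet.
     *
     * <p>NOTE(review): the response carries the activation token itself, and the only
     * per-entity check is {@code Operation.READ}. Anyone who can read a pending user
     * through this endpoint can therefore complete that user's activation; confirm READ
     * is the intended bar.
     *
     * @param str user id taken from the path, converted with {@code toUUID}
     * @param httpServletRequest current request, used to build the link base URL
     * @return the activation URL as plain text
     * @throws ThingsboardException the exception produced by {@code handleException} on any
     *         failure, including {@code BAD_REQUEST_PARAMS} when the user is already active
     */
    @RequestMapping(value = {"/user/{userId}/activationLink"}, method = {RequestMethod.GET}, produces = {"text/plain"})
    @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN')")
    @ResponseBody
    public String getActivationLink(@PathVariable("userId") String str, HttpServletRequest httpServletRequest) throws ThingsboardException {
        checkParameter(USER_ID, str);
        try {
            // Same evaluation order as before: caller's tenant first, then the READ check.
            TenantId callerTenantId = getCurrentUser().getTenantId();
            User user = checkUserId(new UserId(toUUID(str)), Operation.READ);
            UserCredentials credentials = this.userService.findUserCredentialsByUserId(callerTenantId, user.getId());
            if (credentials.isEnabled()) {
                throw new ThingsboardException("User is already active!", ThingsboardErrorCode.BAD_REQUEST_PARAMS);
            }
            return String.format(ACTIVATE_URL_PATTERN, constructBaseUrl(httpServletRequest), credentials.getActivateToken());
        } catch (Exception e) {
            throw handleException(e);
        }
    }

    /**
     * Deletes the user with the given id and writes an audit entry for the attempt,
     * whether it succeeds or fails.
     *
     * @param str user id taken from the path, converted with {@code toUUID}
     * @throws ThingsboardException the exception produced by {@code handleException} on any failure
     */
    @RequestMapping(value = {"/user/{userId}"}, method = {RequestMethod.DELETE})
    @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN')")
    @ResponseStatus(HttpStatus.OK)
    public void deleteUser(@PathVariable("userId") String str) throws ThingsboardException {
        checkParameter(USER_ID, str);
        try {
            UserId userId = new UserId(toUUID(str));
            User user = checkUserId(userId, Operation.DELETE);
            this.userService.deleteUser(getCurrentUser().getTenantId(), userId);
            logEntityAction(userId, user, user.getCustomerId(), ActionType.DELETED, null, str);
        } catch (Exception e) {
            // The raw path value is kept in the audit entry so a failed attempt stays traceable.
            logEntityAction(emptyId(EntityType.USER), null, null, ActionType.DELETED, e, str);
            throw handleException(e);
        }
    }

    /**
     * Returns one page of the users found by {@code userService.findTenantAdmins} for a tenant.
     *
     * <p>NOTE(review): {@code str2}..{@code str4} have no explicit request-parameter names;
     * see the class note. No per-entity check runs here; access rests on the
     * {@code SYS_ADMIN} authority alone.
     *
     * @param str tenant id taken from the path, converted with {@code toUUID}
     * @param i page size; bound to the {@code limit} request parameter that the mapping requires
     * @param str2 optional paging argument, passed second to {@code createPageLink}
     * @param str3 optional paging argument, passed third to {@code createPageLink}
     * @param str4 optional paging argument, passed fourth to {@code createPageLink}
     * @return the requested page
     * @throws ThingsboardException the exception produced by {@code handleException} on any failure
     */
    @RequestMapping(value = {"/tenant/{tenantId}/users"}, params = {"limit"}, method = {RequestMethod.GET})
    @PreAuthorize("hasAuthority('SYS_ADMIN')")
    @ResponseBody
    public TextPageData<User> getTenantAdmins(@PathVariable("tenantId") String str, @RequestParam("limit") int i, @RequestParam(required = false) String str2, @RequestParam(required = false) String str3, @RequestParam(required = false) String str4) throws ThingsboardException {
        checkParameter("tenantId", str);
        try {
            TenantId tenantId = new TenantId(toUUID(str));
            TextPageLink pageLink = createPageLink(i, str2, str3, str4);
            return (TextPageData<User>) checkNotNull(this.userService.findTenantAdmins(tenantId, pageLink));
        } catch (Exception e) {
            throw handleException(e);
        }
    }

    /**
     * Returns one page of the users found by {@code userService.findCustomerUsers} for a
     * customer, after checking the customer with {@code Operation.READ}.
     *
     * <p>NOTE(review): {@code str2}..{@code str4} have no explicit request-parameter names;
     * see the class note.
     *
     * @param str customer id taken from the path, converted with {@code toUUID}
     * @param i page size; bound to the {@code limit} request parameter that the mapping requires
     * @param str2 optional paging argument, passed second to {@code createPageLink}
     * @param str3 optional paging argument, passed third to {@code createPageLink}
     * @param str4 optional paging argument, passed fourth to {@code createPageLink}
     * @return the requested page
     * @throws ThingsboardException the exception produced by {@code handleException} on any failure
     */
    @RequestMapping(value = {"/customer/{customerId}/users"}, params = {"limit"}, method = {RequestMethod.GET})
    @PreAuthorize("hasAuthority('TENANT_ADMIN')")
    @ResponseBody
    public TextPageData<User> getCustomerUsers(@PathVariable("customerId") String str, @RequestParam("limit") int i, @RequestParam(required = false) String str2, @RequestParam(required = false) String str3, @RequestParam(required = false) String str4) throws ThingsboardException {
        checkParameter(CustomerController.CUSTOMER_ID, str);
        try {
            CustomerId customerId = new CustomerId(toUUID(str));
            checkCustomerId(customerId, Operation.READ);
            TextPageLink pageLink = createPageLink(i, str2, str3, str4);
            return (TextPageData<User>) checkNotNull(this.userService.findCustomerUsers(getCurrentUser().getTenantId(), customerId, pageLink));
        } catch (Exception e) {
            throw handleException(e);
        }
    }
}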
