package org.thingsboard.server.controller;

import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ObjectNode;
import java.net.URI;
import java.net.URISyntaxException;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.ResponseStatus;
import org.springframework.web.bind.annotation.RestController;
import org.thingsboard.rule.engine.api.MailService;
import org.thingsboard.server.common.data.HasName;
import org.thingsboard.server.common.data.User;
import org.thingsboard.server.common.data.audit.ActionType;
import org.thingsboard.server.common.data.exception.ThingsboardErrorCode;
import org.thingsboard.server.common.data.exception.ThingsboardException;
import org.thingsboard.server.common.data.id.TenantId;
import org.thingsboard.server.common.data.security.UserCredentials;
import org.thingsboard.server.config.ThingsboardSecurityConfiguration;
import org.thingsboard.server.dao.audit.AuditLogService;
import org.thingsboard.server.service.security.auth.jwt.RefreshTokenRepository;
import org.thingsboard.server.service.security.auth.rest.RestAuthenticationDetails;
import org.thingsboard.server.service.security.model.SecuritySettings;
import org.thingsboard.server.service.security.model.SecurityUser;
import org.thingsboard.server.service.security.model.UserPasswordPolicy;
import org.thingsboard.server.service.security.model.UserPrincipal;
import org.thingsboard.server.service.security.model.token.AccessJwtToken;
import org.thingsboard.server.service.security.model.token.JwtToken;
import org.thingsboard.server.service.security.model.token.JwtTokenFactory;
import org.thingsboard.server.service.security.system.SystemSecurityService;
import ua_parser.Client;

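/**
 * REST endpoints under {@code /api} for the account lifecycle: reading the current user,
 * logout auditing, password change, account activation and e-mail based password reset.
 *
 * <p>Endpoints below {@code /auth} require an authenticated caller ({@code @PreAuthorize}).
 * Endpoints below {@code /noauth} carry no {@code @PreAuthorize} annotation in this class,
 * so every value they receive (tokens, e-mail addresses, passwords) is untrusted input.
 */
@RequestMapping({"/api"})
@RestController
/* loaded from: input_file:org/thingsboard/server/controller/AuthController.class */
public class AuthController extends BaseController {
    private static final Logger log = LoggerFactory.getLogger(AuthController.class);

    /** Shared mapper, used only to create response nodes; avoids building a mapper per request. */
    private static final ObjectMapper JSON_MAPPER = new ObjectMapper();

    @Autowired
    private BCryptPasswordEncoder passwordEncoder;

    @Autowired
    private JwtTokenFactory tokenFactory;

    @Autowired
    private RefreshTokenRepository refreshTokenRepository;

    @Autowired
    private MailService mailService;

    @Autowired
    private SystemSecurityService systemSecurityService;

    @Autowired
    private AuditLogService auditLogService;

    /**
     * Returns the user record of the authenticated caller.
     *
     * @return the user looked up by the caller's own tenant id and user id
     * @throws ThingsboardException whatever {@code handleException} maps a failure to
     */
    @RequestMapping(value = {"/auth/user"}, method = {RequestMethod.GET})
    @PreAuthorize("isAuthenticated()")
    @ResponseBody
    public User getUser() throws ThingsboardException {
        try {
            SecurityUser currentUser = getCurrentUser();
            return this.userService.findUserById(currentUser.getTenantId(), currentUser.getId());
        } catch (Exception e) {
            throw handleException(e);
        }
    }

    /**
     * Records a LOGOUT entry in the audit log for the authenticated caller.
     *
     * <p>This method only writes the audit entry; nothing here invalidates the access or
     * refresh token. NOTE(review): confirm token revocation is handled elsewhere if a
     * server-side logout is expected.
     *
     * @param httpServletRequest the request the client address and user agent are read from
     * @throws ThingsboardException if the audit entry cannot be written
     */
    @RequestMapping(value = {"/auth/logout"}, method = {RequestMethod.POST})
    @PreAuthorize("isAuthenticated()")
    @ResponseStatus(HttpStatus.OK)
    public void logout(HttpServletRequest httpServletRequest) throws ThingsboardException {
        logLogoutAction(httpServletRequest);
    }

    /**
     * Changes the password of the authenticated caller.
     *
     * <p>The current password must match the stored hash, the new password must pass the
     * configured password validation and must differ from the current one.
     *
     * @param jsonNode request body with the text fields {@code currentPassword} and {@code newPassword}
     * @throws ThingsboardException with {@code BAD_REQUEST_PARAMS} when a field is missing, the
     *         current password does not match or the new password equals the old one; otherwise
     *         whatever {@code handleException} maps the failure to
     */
    @RequestMapping(value = {"/auth/changePassword"}, method = {RequestMethod.POST})
    @PreAuthorize("isAuthenticated()")
    @ResponseStatus(HttpStatus.OK)
    public void changePassword(@RequestBody JsonNode jsonNode) throws ThingsboardException {
        try {
            String currentPassword = requiredText(jsonNode, "currentPassword");
            String newPassword = requiredText(jsonNode, "newPassword");
            SecurityUser currentUser = getCurrentUser();
            UserCredentials credentials = this.userService.findUserCredentialsByUserId(TenantId.SYS_TENANT_ID, currentUser.getId());
            // Re-authenticate first: a stolen session alone must not be enough to set a new password.
            if (!this.passwordEncoder.matches(currentPassword, credentials.getPassword())) {
                throw new ThingsboardException("Current password doesn't match!", ThingsboardErrorCode.BAD_REQUEST_PARAMS);
            }
            this.systemSecurityService.validatePassword(currentUser.getTenantId(), newPassword);
            if (this.passwordEncoder.matches(newPassword, credentials.getPassword())) {
                throw new ThingsboardException("New password should be different from existing!", ThingsboardErrorCode.BAD_REQUEST_PARAMS);
            }
            credentials.setPassword(this.passwordEncoder.encode(newPassword));
            this.userService.replaceUserCredentials(currentUser.getTenantId(), credentials);
            // NOTE(review): tokens issued before the change are not revoked here; confirm
            // whether existing sessions are expected to survive a password change.
        } catch (Exception e) {
            throw handleException(e);
        }
    }

    /**
     * Returns the system-wide password policy. Reachable without authentication.
     *
     * @return the password policy of the system tenant's security settings
     * @throws ThingsboardException if the settings are missing or cannot be loaded
     */
    @RequestMapping(value = {"/noauth/userPasswordPolicy"}, method = {RequestMethod.GET})
    @ResponseBody
    public UserPasswordPolicy getUserPasswordPolicy() throws ThingsboardException {
        try {
            // The decompiled source cast the settings to AuthController before the null check,
            // which can never be correct; the value is a SecuritySettings instance.
            SecuritySettings securitySettings = (SecuritySettings) checkNotNull(this.systemSecurityService.getSecuritySettings(TenantId.SYS_TENANT_ID));
            return securitySettings.getPasswordPolicy();
        } catch (Exception e) {
            throw handleException(e);
        }
    }

    /**
     * Checks an activation token and, when credentials exist for it, redirects to the
     * create-password page.
     *
     * @param str the activation token from the {@code activateToken} query parameter
     * @return 303 with a {@code Location} header for a known token, 409 for an unknown one,
     *         400 when the redirect URI cannot be built
     */
    @RequestMapping(value = {"/noauth/activate"}, params = {"activateToken"}, method = {RequestMethod.GET})
    public ResponseEntity<String> checkActivateToken(@RequestParam("activateToken") String str) {
        boolean tokenKnown = this.userService.findUserCredentialsByActivateToken(TenantId.SYS_TENANT_ID, str) != null;
        return redirectForToken(tokenKnown, "/login/createPassword", "activateToken", str);
    }

    /**
     * Starts an e-mail based password reset and mails the reset link to the given address.
     *
     * @param jsonNode request body with the text field {@code email}
     * @param httpServletRequest the request the link's base URL is derived from
     * @throws ThingsboardException with {@code BAD_REQUEST_PARAMS} when {@code email} is missing;
     *         otherwise whatever {@code handleException} maps the failure to
     */
    @RequestMapping(value = {"/noauth/resetPasswordByEmail"}, method = {RequestMethod.POST})
    @ResponseStatus(HttpStatus.OK)
    public void requestResetPasswordByEmail(@RequestBody JsonNode jsonNode, HttpServletRequest httpServletRequest) throws ThingsboardException {
        try {
            String email = requiredText(jsonNode, "email");
            // NOTE(review): the link's base URL comes from the incoming request. If
            // constructBaseUrl trusts the Host / forwarded headers, the mailed link can be
            // steered by the requester; confirm it is pinned to a configured origin.
            // NOTE(review): failures are propagated to this unauthenticated caller. If the
            // service fails for unknown addresses, responses reveal which e-mails are registered.
            String resetLink = String.format(
                    "%s/api/noauth/resetPassword?resetToken=%s",
                    constructBaseUrl(httpServletRequest),
                    this.userService.requestPasswordReset(TenantId.SYS_TENANT_ID, email).getResetToken());
            this.mailService.sendResetPasswordEmail(resetLink, email);
        } catch (Exception e) {
            throw handleException(e);
        }
    }

    /**
     * Checks a reset token and, when credentials exist for it, redirects to the
     * reset-password page.
     *
     * @param str the reset token from the {@code resetToken} query parameter
     * @return 303 with a {@code Location} header for a known token, 409 for an unknown one,
     *         400 when the redirect URI cannot be built
     */
    @RequestMapping(value = {"/noauth/resetPassword"}, params = {"resetToken"}, method = {RequestMethod.GET})
    public ResponseEntity<String> checkResetToken(@RequestParam("resetToken") String str) {
        boolean tokenKnown = this.userService.findUserCredentialsByResetToken(TenantId.SYS_TENANT_ID, str) != null;
        return redirectForToken(tokenKnown, "/login/resetPassword", "resetToken", str);
    }

    /**
     * Activates an account with an activation token, sets its first password and signs the
     * user in.
     *
     * @param jsonNode request body with the text fields {@code activateToken} and {@code password}
     * @param httpServletRequest the request the login link's base URL is derived from
     * @return a JSON object holding the access token and a {@code refreshToken}
     * @throws ThingsboardException with {@code BAD_REQUEST_PARAMS} when a field is missing;
     *         otherwise whatever {@code handleException} maps the failure to
     */
    @RequestMapping(value = {"/noauth/activate"}, method = {RequestMethod.POST})
    @ResponseStatus(HttpStatus.OK)
    @ResponseBody
    public JsonNode activateUser(@RequestBody JsonNode jsonNode, HttpServletRequest httpServletRequest) throws ThingsboardException {
        try {
            String activateToken = requiredText(jsonNode, "activateToken");
            String password = requiredText(jsonNode, "password");
            // Validate before the token is consumed so a rejected password leaves it usable.
            this.systemSecurityService.validatePassword(TenantId.SYS_TENANT_ID, password);
            UserCredentials credentials = this.userService.activateUserCredentials(TenantId.SYS_TENANT_ID, activateToken, this.passwordEncoder.encode(password));
            User user = this.userService.findUserById(TenantId.SYS_TENANT_ID, credentials.getUserId());
            SecurityUser securityUser = new SecurityUser(user, credentials.isEnabled(), new UserPrincipal(UserPrincipal.Type.USER_NAME, user.getEmail()));
            try {
                this.mailService.sendAccountActivatedEmail(String.format("%s/login", constructBaseUrl(httpServletRequest)), user.getEmail());
            } catch (Exception e) {
                // Best effort: the account is already active, so a mail failure must not fail
                // the request. The throwable is passed along so the cause is not lost.
                log.info("Unable to send account activation email [{}]", e.getMessage(), e);
            }
            AccessJwtToken accessToken = this.tokenFactory.createAccessJwtToken(securityUser);
            JwtToken refreshToken = this.refreshTokenRepository.requestRefreshToken(securityUser);
            ObjectNode tokenPair = JSON_MAPPER.createObjectNode();
            tokenPair.put(ThingsboardSecurityConfiguration.JWT_TOKEN_QUERY_PARAM, accessToken.getToken());
            tokenPair.put("refreshToken", refreshToken.getToken());
            return tokenPair;
        } catch (Exception e2) {
            throw handleException(e2);
        }
    }

    /**
     * Sets a new password for the account a reset token belongs to and signs the user in.
     *
     * @param jsonNode request body with the text fields {@code resetToken} and {@code password}
     * @param httpServletRequest the request the login link's base URL is derived from
     * @return a JSON object holding the access token and a {@code refreshToken}
     * @throws ThingsboardException with {@code BAD_REQUEST_PARAMS} when a field is missing, the
     *         token is unknown or the new password equals the stored one; otherwise whatever
     *         {@code handleException} maps the failure to
     */
    @RequestMapping(value = {"/noauth/resetPassword"}, method = {RequestMethod.POST})
    @ResponseStatus(HttpStatus.OK)
    @ResponseBody
    public JsonNode resetPassword(@RequestBody JsonNode jsonNode, HttpServletRequest httpServletRequest) throws ThingsboardException {
        try {
            String resetToken = requiredText(jsonNode, "resetToken");
            String password = requiredText(jsonNode, "password");
            // NOTE(review): only the existence of the token is checked here; confirm that the
            // service enforces an expiry on reset tokens.
            UserCredentials credentials = this.userService.findUserCredentialsByResetToken(TenantId.SYS_TENANT_ID, resetToken);
            if (credentials == null) {
                throw new ThingsboardException("Invalid reset token!", ThingsboardErrorCode.BAD_REQUEST_PARAMS);
            }
            this.systemSecurityService.validatePassword(TenantId.SYS_TENANT_ID, password);
            if (this.passwordEncoder.matches(password, credentials.getPassword())) {
                throw new ThingsboardException("New password should be different from existing!", ThingsboardErrorCode.BAD_REQUEST_PARAMS);
            }
            credentials.setPassword(this.passwordEncoder.encode(password));
            // Single use: clear the token together with the password update.
            credentials.setResetToken((String) null);
            UserCredentials savedCredentials = this.userService.replaceUserCredentials(TenantId.SYS_TENANT_ID, credentials);
            User user = this.userService.findUserById(TenantId.SYS_TENANT_ID, savedCredentials.getUserId());
            SecurityUser securityUser = new SecurityUser(user, savedCredentials.isEnabled(), new UserPrincipal(UserPrincipal.Type.USER_NAME, user.getEmail()));
            // NOTE(review): unlike activateUser, a mail failure here fails the request even
            // though the password has already been replaced; confirm that is intended.
            this.mailService.sendPasswordWasResetEmail(String.format("%s/login", constructBaseUrl(httpServletRequest)), user.getEmail());
            AccessJwtToken accessToken = this.tokenFactory.createAccessJwtToken(securityUser);
            JwtToken refreshToken = this.refreshTokenRepository.requestRefreshToken(securityUser);
            ObjectNode tokenPair = JSON_MAPPER.createObjectNode();
            tokenPair.put(ThingsboardSecurityConfiguration.JWT_TOKEN_QUERY_PARAM, accessToken.getToken());
            tokenPair.put("refreshToken", refreshToken.getToken());
            return tokenPair;
        } catch (Exception e) {
            throw handleException(e);
        }
    }

    /**
     * Writes a LOGOUT audit entry carrying the client address and a browser / OS / device
     * description parsed from the request.
     *
     * <p>All four additional values originate from the client's request and are therefore
     * attacker-controllable; consumers of the audit log should treat them as untrusted text.
     *
     * @param httpServletRequest the request being audited
     * @throws ThingsboardException whatever {@code handleException} maps a failure to
     */
    private void logLogoutAction(HttpServletRequest httpServletRequest) throws ThingsboardException {
        try {
            SecurityUser currentUser = getCurrentUser();
            RestAuthenticationDetails details = new RestAuthenticationDetails(httpServletRequest);
            String clientAddress = details.getClientAddress();
            String browser = "Unknown";
            String os = "Unknown";
            String device = "Unknown";
            Client userAgent = details.getUserAgent();
            if (userAgent != null) {
                if (userAgent.userAgent != null) {
                    browser = formatFamilyAndVersion(userAgent.userAgent.family, userAgent.userAgent.major, userAgent.userAgent.minor, userAgent.userAgent.patch);
                }
                if (userAgent.os != null) {
                    os = formatFamilyAndVersion(userAgent.os.family, userAgent.os.major, userAgent.os.minor, userAgent.os.patch, userAgent.os.patchMinor);
                }
                if (userAgent.device != null) {
                    device = userAgent.device.family;
                }
            }
            this.auditLogService.logEntityAction(currentUser.getTenantId(), currentUser.getCustomerId(), currentUser.getId(), currentUser.getName(), currentUser.getId(), (HasName) null, ActionType.LOGOUT, (Exception) null, new Object[]{clientAddress, browser, os, device});
        } catch (Exception e) {
            throw handleException(e);
        }
    }

    /**
     * Reads a mandatory text field from a request body.
     *
     * <p>A missing field used to surface as a {@code NullPointerException}, and an explicit
     * JSON {@code null} was read as the four-character string {@code "null"}; both are now
     * rejected as a bad request.
     *
     * @param body the parsed request body, may be {@code null}
     * @param field the name of the field to read
     * @return the field's text value
     * @throws ThingsboardException with {@code BAD_REQUEST_PARAMS} when the field is absent or null
     */
    private static String requiredText(JsonNode body, String field) throws ThingsboardException {
        JsonNode value = body == null ? null : body.get(field);
        if (value == null || value.isNull()) {
            throw new ThingsboardException("Parameter '" + field + "' is missing!", ThingsboardErrorCode.BAD_REQUEST_PARAMS);
        }
        return value.asText();
    }

    /**
     * Builds the response shared by the two token-check endpoints.
     *
     * @param tokenKnown whether credentials were found for the token
     * @param loginPath the UI path to redirect to
     * @param tokenParam the query parameter name that carries the token
     * @param token the token as received from the client
     * @return 303 with a {@code Location} header, 409 for an unknown token, or 400 when the
     *         redirect URI cannot be built
     */
    private static ResponseEntity<String> redirectForToken(boolean tokenKnown, String loginPath, String tokenParam, String token) {
        HttpHeaders httpHeaders = new HttpHeaders();
        if (!tokenKnown) {
            return new ResponseEntity<>(httpHeaders, HttpStatus.CONFLICT);
        }
        try {
            httpHeaders.setLocation(new URI(loginPath + "?" + tokenParam + "=" + token));
            return new ResponseEntity<>(httpHeaders, HttpStatus.SEE_OTHER);
        } catch (URISyntaxException e) {
            // The exception is deliberately not logged: its message embeds the full input
            // string, which would write a valid token into the log.
            log.error("Unable to create URI with address [{}]", loginPath);
            return new ResponseEntity<>(httpHeaders, HttpStatus.BAD_REQUEST);
        }
    }

    /**
     * Joins a family name with its version parts as {@code "family major.minor.patch"}.
     *
     * <p>Parts are appended in order and the first {@code null} part ends the version; when
     * the first part is {@code null} the family is returned unchanged.
     *
     * @param family the browser or OS family name
     * @param versionParts version components, most significant first
     * @return the combined description
     */
    private static String formatFamilyAndVersion(String family, String... versionParts) {
        if (versionParts.length == 0 || versionParts[0] == null) {
            return family;
        }
        StringBuilder description = new StringBuilder().append(family).append(' ').append(versionParts[0]);
        for (int i = 1; i < versionParts.length && versionParts[i] != null; i++) {
            description.append('.').append(versionParts[i]);
        }
        return description.toString();
    }
}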
