package org.thingsboard.server.controller;

import jakarta.servlet.http.HttpServletRequest;
import java.beans.ConstructorProperties;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
import java.util.stream.Collectors;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import org.thingsboard.server.actors.calculatedField.CalculatedFieldEntityMessageProcessor;
import org.thingsboard.server.common.data.StringUtils;
import org.thingsboard.server.common.data.audit.ActionType;
import org.thingsboard.server.common.data.exception.ThingsboardErrorCode;
import org.thingsboard.server.common.data.exception.ThingsboardException;
import org.thingsboard.server.common.data.security.model.JwtPair;
import org.thingsboard.server.common.data.security.model.mfa.PlatformTwoFaSettings;
import org.thingsboard.server.common.data.security.model.mfa.account.EmailTwoFaAccountConfig;
import org.thingsboard.server.common.data.security.model.mfa.account.SmsTwoFaAccountConfig;
import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFaProviderType;
import org.thingsboard.server.config.annotations.ApiOperation;
import org.thingsboard.server.dao.user.UserService;
import org.thingsboard.server.queue.util.TbCoreComponent;
import org.thingsboard.server.service.security.auth.mfa.TwoFactorAuthService;
import org.thingsboard.server.service.security.auth.mfa.config.TwoFaConfigManager;
import org.thingsboard.server.service.security.auth.rest.RestAuthenticationDetails;
import org.thingsboard.server.service.security.model.SecurityUser;
import org.thingsboard.server.service.security.model.token.JwtTokenFactory;
import org.thingsboard.server.service.security.system.SystemSecurityService;

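/**
 * REST endpoints for the second step of a two-factor login, served under {@code /api/auth/2fa}.
 *
 * <p>Every endpoint requires the {@code PRE_VERIFICATION_TOKEN} authority. According to the API
 * notes below, that token is issued after username/password authentication when 2FA is enabled,
 * so callers here are identified but not yet fully authenticated.
 *
 * <p>NOTE(review): none of the {@code @RequestParam} annotations names its parameter, so Spring
 * derives the HTTP parameter name from the Java parameter name ({@code twoFaProviderType},
 * {@code str}). Those names look decompiler-generated; confirm them against the published API
 * before recompiling this class.
 */
@RequestMapping({"/api/auth/2fa"})
@TbCoreComponent
@RestController
public class TwoFactorAuthController extends BaseController {
    private final TwoFactorAuthService twoFactorAuthService;
    private final TwoFaConfigManager twoFaConfigManager;
    private final JwtTokenFactory tokenFactory;
    private final SystemSecurityService systemSecurityService;
    private final UserService userService;

    /**
     * Creates the controller with its collaborators (constructor injection).
     *
     * @param twoFactorAuthService  sends and checks verification codes
     * @param twoFaConfigManager    source of platform-level and per-account 2FA settings
     * @param jwtTokenFactory       issues the access/refresh token pair after a successful check
     * @param systemSecurityService records login attempts
     * @param userService           reloads the user before the final token pair is issued
     */
    @ConstructorProperties({"twoFactorAuthService", "twoFaConfigManager", "tokenFactory", "systemSecurityService", "userService"})
    public TwoFactorAuthController(TwoFactorAuthService twoFactorAuthService, TwoFaConfigManager twoFaConfigManager, JwtTokenFactory jwtTokenFactory, SystemSecurityService systemSecurityService, UserService userService) {
        this.twoFactorAuthService = twoFactorAuthService;
        this.twoFaConfigManager = twoFaConfigManager;
        this.tokenFactory = jwtTokenFactory;
        this.systemSecurityService = systemSecurityService;
        this.userService = userService;
    }

    /**
     * Asks the 2FA service to prepare a verification code for the current user.
     *
     * @param twoFaProviderType provider the code should be prepared for
     * @throws Exception whatever the 2FA service or the current-user lookup raises
     */
    @PostMapping({"/verification/send"})
    @ApiOperation(value = "Request 2FA verification code (requestTwoFaVerificationCode)", notes = "Request 2FA verification code.\n\nTo make a request to this endpoint, you need an access token with the scope of PRE_VERIFICATION_TOKEN, which is issued on username/password auth if 2FA is enabled.\n\nThe API method is rate limited (using rate limit config from TwoFactorAuthSettings). Will return a Bad Request error if provider is not configured for usage, and Too Many Requests error if rate limits are exceeded.")
    @PreAuthorize("hasAuthority('PRE_VERIFICATION_TOKEN')")
    public void requestTwoFaVerificationCode(@RequestParam TwoFaProviderType twoFaProviderType) throws Exception {
        // NOTE(review): the trailing `true` presumably enables the rate-limit check promised in
        // the API notes; confirm against TwoFactorAuthService.
        this.twoFactorAuthService.prepareVerificationCode(getCurrentUser(), twoFaProviderType, true);
    }

    /**
     * Checks a verification code and, when it is accepted, issues a regular token pair.
     *
     * <p>Both outcomes are recorded through {@code SystemSecurityService.logLoginAction}: a
     * success with no error, a rejection with the exception that is then thrown to the caller.
     *
     * <p>NOTE(review): {@code @RequestParam} also accepts the value from the query string, where
     * it can end up in proxy and access logs; clients should send the code in the form body.
     *
     * @param twoFaProviderType  provider the code was issued for
     * @param str                verification code supplied by the user
     * @param httpServletRequest request used to build the authentication details for the audit record
     * @return the token pair for the verified user
     * @throws Exception a {@link ThingsboardException} with {@code BAD_REQUEST_PARAMS} when the
     *                   code is rejected, or whatever the underlying services raise
     */
    @PostMapping({"/verification/check"})
    @ApiOperation(value = "Check 2FA verification code (checkTwoFaVerificationCode)", notes = "Checks 2FA verification code, and if it is correct the method returns a regular access and refresh token pair.\n\nThe API method is rate limited (using rate limit config from TwoFactorAuthSettings), and also will block a user after X unsuccessful verification attempts if such behavior is configured (in TwoFactorAuthSettings).\n\nWill return a Bad Request error if provider is not configured for usage, and Too Many Requests error if rate limits are exceeded.")
    @PreAuthorize("hasAuthority('PRE_VERIFICATION_TOKEN')")
    public JwtPair checkTwoFaVerificationCode(@RequestParam TwoFaProviderType twoFaProviderType, @RequestParam String str, HttpServletRequest httpServletRequest) throws Exception {
        SecurityUser currentUser = getCurrentUser();
        // NOTE(review): the trailing `true` presumably enables rate limiting / lockout counting;
        // confirm against TwoFactorAuthService.
        boolean codeAccepted = this.twoFactorAuthService.checkVerificationCode(currentUser, twoFaProviderType, str, true);
        RestAuthenticationDetails details = new RestAuthenticationDetails(httpServletRequest);
        if (!codeAccepted) {
            ThingsboardException rejection = new ThingsboardException("Verification code is incorrect", ThingsboardErrorCode.BAD_REQUEST_PARAMS);
            // Record the failed attempt before surfacing the error to the client.
            this.systemSecurityService.logLoginAction(currentUser, details, ActionType.LOGIN, rejection);
            throw rejection;
        }
        this.systemSecurityService.logLoginAction(currentUser, details, ActionType.LOGIN, null);
        // The user is reloaded by id rather than reused from the pre-verification token, so the
        // final token pair is built from the stored user record.
        return this.tokenFactory.createTokenPair(new SecurityUser(this.userService.findUserById(currentUser.getTenantId(), currentUser.getId()), true, currentUser.getUserPrincipal()));
    }

    /**
     * Lists the 2FA providers configured on the current user's account.
     *
     * <p>SMS and e-mail contacts are passed through {@code StringUtils.obfuscate} before they are
     * returned; other provider types carry no contact. The caller only holds a pre-verification
     * token at this point, so unmasked contact data must not be added to this response.
     *
     * <p>When no platform-level settings are available, {@code minVerificationCodeSendPeriod} is
     * left {@code null} instead of failing the request on an empty {@link Optional}.
     *
     * @return one entry per configured provider; empty when the account has no 2FA settings
     * @throws ThingsboardException if the current user cannot be resolved
     */
    @GetMapping({"/providers"})
    @ApiOperation(value = "Get available 2FA providers (getAvailableTwoFaProviders)", notes = "Get the list of 2FA provider infos available for user to use. Example:\n```\n[\n  {\n    \"type\": \"EMAIL\",\n    \"default\": true,\n    \"contact\": \"ab*****ko@gmail.com\"\n  },\n  {\n    \"type\": \"TOTP\",\n    \"default\": false,\n    \"contact\": null\n  },\n  {\n    \"type\": \"SMS\",\n    \"default\": false,\n    \"contact\": \"+38********12\"\n  }\n]\n```")
    @PreAuthorize("hasAuthority('PRE_VERIFICATION_TOKEN')")
    public List<TwoFaProviderInfo> getAvailableTwoFaProviders() throws ThingsboardException {
        SecurityUser currentUser = getCurrentUser();
        Optional<PlatformTwoFaSettings> platformTwoFaSettings = this.twoFaConfigManager.getPlatformTwoFaSettings(currentUser.getTenantId(), true);
        // Resolved once, without Optional.get(): an absent platform config yields a null period.
        Integer minSendPeriod = platformTwoFaSettings
                .map(PlatformTwoFaSettings::getMinVerificationCodeSendPeriod)
                .orElse(null);
        return this.twoFaConfigManager.getAccountTwoFaSettings(currentUser.getTenantId(), currentUser.getId())
                .map(accountTwoFaSettings -> accountTwoFaSettings.getConfigs().values())
                .orElse(Collections.emptyList())
                .stream()
                .map(twoFaAccountConfig -> {
                    String contact = null;
                    // Switch on the enum itself; the compiler generates the ordinal lookup table.
                    switch (twoFaAccountConfig.getProviderType()) {
                        case SMS:
                            contact = maskPhoneNumber(((SmsTwoFaAccountConfig) twoFaAccountConfig).getPhoneNumber());
                            break;
                        case EMAIL:
                            contact = maskEmail(((EmailTwoFaAccountConfig) twoFaAccountConfig).getEmail());
                            break;
                        default:
                            // Remaining provider types expose no contact.
                            break;
                    }
                    return TwoFaProviderInfo.builder()
                            .type(twoFaAccountConfig.getProviderType())
                            .isDefault(twoFaAccountConfig.isUseByDefault())
                            .contact(contact)
                            .minVerificationCodeSendPeriod(minSendPeriod)
                            .build();
                })
                .collect(Collectors.toList());
    }

    /** Masks a phone number, starting right after a leading {@code '+'} when one is present. */
    private static String maskPhoneNumber(String phoneNumber) {
        return StringUtils.obfuscate(phoneNumber, 2, '*', phoneNumber.indexOf('+') + 1, phoneNumber.length());
    }

    /** Masks the part of an e-mail address before {@code '@'}; without an {@code '@'} the whole value is masked. */
    private static String maskEmail(String email) {
        int at = email.indexOf('@');
        // Never hand a negative end index to the obfuscation helper.
        int localPartEnd = at >= 0 ? at : email.length();
        return StringUtils.obfuscate(email, 2, '*', 0, localPartEnd);
    }

    /**
     * Response item describing one 2FA provider configured for a user.
     *
     * <p>{@link #toString()} prints {@code contact} verbatim, so only an already-masked contact
     * should be stored here.
     */
    public static class TwoFaProviderInfo {
        private TwoFaProviderType type;
        private boolean isDefault;
        private String contact;
        private Integer minVerificationCodeSendPeriod;

        /**
         * @param twoFaProviderType provider type
         * @param z                 whether this provider is the user's default
         * @param str               contact shown to the user; may be {@code null}
         * @param num               minimum period between verification code sends; may be {@code null}
         */
        @ConstructorProperties({"type", "isDefault", "contact", "minVerificationCodeSendPeriod"})
        public TwoFaProviderInfo(TwoFaProviderType twoFaProviderType, boolean z, String str, Integer num) {
            this.type = twoFaProviderType;
            this.isDefault = z;
            this.contact = str;
            this.minVerificationCodeSendPeriod = num;
        }

        /** Returns a new, empty builder. */
        public static TwoFaProviderInfoBuilder builder() {
            return new TwoFaProviderInfoBuilder();
        }

        public TwoFaProviderType getType() {
            return this.type;
        }

        public boolean isDefault() {
            return this.isDefault;
        }

        public String getContact() {
            return this.contact;
        }

        public Integer getMinVerificationCodeSendPeriod() {
            return this.minVerificationCodeSendPeriod;
        }

        public void setType(TwoFaProviderType twoFaProviderType) {
            this.type = twoFaProviderType;
        }

        public void setDefault(boolean z) {
            this.isDefault = z;
        }

        public void setContact(String str) {
            this.contact = str;
        }

        public void setMinVerificationCodeSendPeriod(Integer num) {
            this.minVerificationCodeSendPeriod = num;
        }

        /** Compares all four properties; subclasses may veto equality through {@link #canEqual(Object)}. */
        @Override
        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof TwoFaProviderInfo)) {
                return false;
            }
            TwoFaProviderInfo other = (TwoFaProviderInfo) obj;
            return other.canEqual(this)
                    && isDefault() == other.isDefault()
                    && java.util.Objects.equals(getMinVerificationCodeSendPeriod(), other.getMinVerificationCodeSendPeriod())
                    && java.util.Objects.equals(getType(), other.getType())
                    && java.util.Objects.equals(getContact(), other.getContact());
        }

        protected boolean canEqual(Object obj) {
            return obj instanceof TwoFaProviderInfo;
        }

        /** Combines the same four properties as {@link #equals(Object)}; {@code null} contributes 43. */
        @Override
        public int hashCode() {
            int result = 59 + (isDefault() ? 79 : 97);
            Integer period = getMinVerificationCodeSendPeriod();
            result = (result * 59) + (period == null ? 43 : period.hashCode());
            TwoFaProviderType providerType = getType();
            result = (result * 59) + (providerType == null ? 43 : providerType.hashCode());
            String contactValue = getContact();
            return (result * 59) + (contactValue == null ? 43 : contactValue.hashCode());
        }

        @Override
        public String toString() {
            return "TwoFactorAuthController.TwoFaProviderInfo(type=" + String.valueOf(getType()) + ", isDefault=" + isDefault() + ", contact=" + getContact() + ", minVerificationCodeSendPeriod=" + getMinVerificationCodeSendPeriod() + ")";
        }

        /** Fluent builder for {@link TwoFaProviderInfo}; unset properties keep their Java defaults. */
        public static class TwoFaProviderInfoBuilder {
            private TwoFaProviderType type;
            private boolean isDefault;
            private String contact;
            private Integer minVerificationCodeSendPeriod;

            TwoFaProviderInfoBuilder() {
            }

            public TwoFaProviderInfoBuilder type(TwoFaProviderType twoFaProviderType) {
                this.type = twoFaProviderType;
                return this;
            }

            public TwoFaProviderInfoBuilder isDefault(boolean z) {
                this.isDefault = z;
                return this;
            }

            public TwoFaProviderInfoBuilder contact(String str) {
                this.contact = str;
                return this;
            }

            public TwoFaProviderInfoBuilder minVerificationCodeSendPeriod(Integer num) {
                this.minVerificationCodeSendPeriod = num;
                return this;
            }

            /** Creates the info object from the values collected so far. */
            public TwoFaProviderInfo build() {
                return new TwoFaProviderInfo(this.type, this.isDefault, this.contact, this.minVerificationCodeSendPeriod);
            }

            @Override
            public String toString() {
                return "TwoFactorAuthController.TwoFaProviderInfo.TwoFaProviderInfoBuilder(type=" + String.valueOf(this.type) + ", isDefault=" + this.isDefault + ", contact=" + this.contact + ", minVerificationCodeSendPeriod=" + this.minVerificationCodeSendPeriod + ")";
            }
        }
    }
}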
