package org.thingsboard.server.controller;

import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.node.ObjectNode;
import com.google.api.client.auth.oauth2.AuthorizationCodeRequestUrl;
import com.google.api.client.auth.oauth2.AuthorizationCodeTokenRequest;
import com.google.api.client.auth.oauth2.ClientParametersAuthentication;
import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.gson.GsonFactory;
import com.google.common.util.concurrent.Futures;
import com.google.common.util.concurrent.MoreExecutors;
import io.swagger.v3.oas.annotations.Parameter;
import jakarta.servlet.http.Cookie;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.beans.ConstructorProperties;
import java.io.IOException;
import java.util.List;
import java.util.Optional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpStatus;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.ResponseStatus;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.context.request.async.DeferredResult;
import org.thingsboard.common.util.JacksonUtil;
import org.thingsboard.rule.engine.api.MailService;
import org.thingsboard.rule.engine.api.SmsService;
import org.thingsboard.server.common.data.AdminSettings;
import org.thingsboard.server.common.data.FeaturesInfo;
import org.thingsboard.server.common.data.StringUtils;
import org.thingsboard.server.common.data.SystemInfo;
import org.thingsboard.server.common.data.UpdateMessage;
import org.thingsboard.server.common.data.audit.ActionType;
import org.thingsboard.server.common.data.exception.ThingsboardErrorCode;
import org.thingsboard.server.common.data.exception.ThingsboardException;
import org.thingsboard.server.common.data.id.CustomerId;
import org.thingsboard.server.common.data.id.EntityId;
import org.thingsboard.server.common.data.id.TenantId;
import org.thingsboard.server.common.data.security.model.JwtPair;
import org.thingsboard.server.common.data.security.model.JwtSettings;
import org.thingsboard.server.common.data.security.model.SecuritySettings;
import org.thingsboard.server.common.data.sms.config.TestSmsRequest;
import org.thingsboard.server.common.data.sync.vc.AutoCommitSettings;
import org.thingsboard.server.common.data.sync.vc.RepositorySettings;
import org.thingsboard.server.common.data.sync.vc.RepositorySettingsInfo;
import org.thingsboard.server.common.data.sync.vc.VcUtils;
import org.thingsboard.server.config.annotations.ApiOperation;
import org.thingsboard.server.dao.audit.AuditLogService;
import org.thingsboard.server.dao.settings.AdminSettingsService;
import org.thingsboard.server.dao.settings.SecuritySettingsService;
import org.thingsboard.server.queue.util.TbCoreComponent;
import org.thingsboard.server.service.security.auth.jwt.settings.JwtSettingsService;
import org.thingsboard.server.service.security.auth.oauth2.CookieUtils;
import org.thingsboard.server.service.security.model.SecurityUser;
import org.thingsboard.server.service.security.model.token.JwtTokenFactory;
import org.thingsboard.server.service.security.permission.Operation;
import org.thingsboard.server.service.security.permission.Resource;
import org.thingsboard.server.service.security.system.SystemSecurityService;
import org.thingsboard.server.service.sync.vc.EntitiesVersionControlService;
import org.thingsboard.server.service.sync.vc.autocommit.TbAutoCommitSettingsService;
import org.thingsboard.server.service.system.SystemInfoService;
import org.thingsboard.server.service.update.UpdateService;

@RequestMapping({"/api/admin"})
@TbCoreComponent
@RestController
/* loaded from: input_file:org/thingsboard/server/controller/AdminController.class */
public class AdminController extends BaseController {
    private static final Logger log = LoggerFactory.getLogger(AdminController.class);
    private static final String PREV_URI_PATH_PARAMETER = "prevUri";
    private static final String PREV_URI_COOKIE_NAME = "prev_uri";
    private static final String STATE_COOKIE_NAME = "state";
    private static final String MAIL_SETTINGS_KEY = "mail";
    private final MailService mailService;
    private final SmsService smsService;
    private final AdminSettingsService adminSettingsService;
    private final SystemSecurityService systemSecurityService;
    private final SecuritySettingsService securitySettingsService;
    private final JwtSettingsService jwtSettingsService;
    private final JwtTokenFactory tokenFactory;
    private final EntitiesVersionControlService versionControlService;
    private final TbAutoCommitSettingsService autoCommitSettingsService;
    private final UpdateService updateService;
    private final SystemInfoService systemInfoService;
    private final AuditLogService auditLogService;

    @Value("${queue.vc.request-timeout:180000}")
    private int vcRequestTimeout;

    @RequestMapping(value = {"/settings/{key}"}, method = {RequestMethod.GET})
    @ApiOperation(value = "Get the Administration Settings object using key (getAdminSettings)", notes = "Get the Administration Settings object using specified string key. Referencing non-existing key will cause an error.\n\nAvailable for users with 'SYS_ADMIN' authority.")
    @PreAuthorize("hasAuthority('SYS_ADMIN')")
    @ResponseBody
    public AdminSettings getAdminSettings(@PathVariable("key") @Parameter(description = "A string value of the key (e.g. 'general' or 'mail').") String str) throws ThingsboardException {
        this.accessControlService.checkPermission(getCurrentUser(), Resource.ADMIN_SETTINGS, Operation.READ);
        AdminSettings adminSettings = (AdminSettings) checkNotNull((AdminController) this.adminSettingsService.findAdminSettingsByKey(TenantId.SYS_TENANT_ID, str), "No Administration settings found for key: " + str);
        if (adminSettings.getKey().equals(MAIL_SETTINGS_KEY)) {
            adminSettings.getJsonValue().remove("password");
            adminSettings.getJsonValue().remove("refreshToken");
        }
        return adminSettings;
    }

    @RequestMapping(value = {"/settings"}, method = {RequestMethod.POST})
    @ApiOperation(value = "Creates or Updates the Administration Settings (saveAdminSettings)", notes = "Creates or Updates the Administration Settings. Platform generates random Administration Settings Id during settings creation. The Administration Settings Id will be present in the response. Specify the Administration Settings Id when you would like to update the Administration Settings. Referencing non-existing Administration Settings Id will cause an error.\n\nAvailable for users with 'SYS_ADMIN' authority.")
    @PreAuthorize("hasAuthority('SYS_ADMIN')")
    @ResponseBody
    public AdminSettings saveAdminSettings(@Parameter(description = "A JSON value representing the Administration Settings.") @RequestBody AdminSettings adminSettings) throws ThingsboardException {
        this.accessControlService.checkPermission(getCurrentUser(), Resource.ADMIN_SETTINGS, Operation.WRITE);
        adminSettings.setTenantId(getTenantId());
        AdminSettings adminSettings2 = (AdminSettings) checkNotNull((AdminController) this.adminSettingsService.saveAdminSettings(TenantId.SYS_TENANT_ID, adminSettings));
        if (adminSettings2.getKey().equals(MAIL_SETTINGS_KEY)) {
            this.mailService.updateMailConfiguration();
            adminSettings2.getJsonValue().remove("password");
            adminSettings2.getJsonValue().remove("refreshToken");
        } else if (adminSettings2.getKey().equals("sms")) {
            this.smsService.updateSmsConfiguration();
        }
        return adminSettings2;
    }

    @RequestMapping(value = {"/securitySettings"}, method = {RequestMethod.GET})
    @ApiOperation(value = "Get the Security Settings object (getSecuritySettings)", notes = "Get the Security Settings object that contains password policy, etc.\n\nAvailable for users with 'SYS_ADMIN' authority.")
    @PreAuthorize("hasAuthority('SYS_ADMIN')")
    @ResponseBody
    public SecuritySettings getSecuritySettings() throws ThingsboardException {
        this.accessControlService.checkPermission(getCurrentUser(), Resource.ADMIN_SETTINGS, Operation.READ);
        return (SecuritySettings) checkNotNull((AdminController) this.securitySettingsService.getSecuritySettings());
    }

    @RequestMapping(value = {"/securitySettings"}, method = {RequestMethod.POST})
    @ApiOperation(value = "Update Security Settings (saveSecuritySettings)", notes = "Updates the Security Settings object that contains password policy, etc.\n\nAvailable for users with 'SYS_ADMIN' authority.")
    @PreAuthorize("hasAuthority('SYS_ADMIN')")
    @ResponseBody
    public SecuritySettings saveSecuritySettings(@Parameter(description = "A JSON value representing the Security Settings.") @RequestBody SecuritySettings securitySettings) throws ThingsboardException {
        this.accessControlService.checkPermission(getCurrentUser(), Resource.ADMIN_SETTINGS, Operation.WRITE);
        return (SecuritySettings) checkNotNull((AdminController) this.securitySettingsService.saveSecuritySettings(securitySettings));
    }

    @RequestMapping(value = {"/jwtSettings"}, method = {RequestMethod.GET})
    @ApiOperation(value = "Get the JWT Settings object (getJwtSettings)", notes = "Get the JWT Settings object that contains JWT token policy, etc. \n\nAvailable for users with 'SYS_ADMIN' authority.")
    @PreAuthorize("hasAuthority('SYS_ADMIN')")
    @ResponseBody
    public JwtSettings getJwtSettings() throws ThingsboardException {
        this.accessControlService.checkPermission(getCurrentUser(), Resource.ADMIN_SETTINGS, Operation.READ);
        return (JwtSettings) checkNotNull((AdminController) this.jwtSettingsService.getJwtSettings());
    }

    @RequestMapping(value = {"/jwtSettings"}, method = {RequestMethod.POST})
    @ApiOperation(value = "Update JWT Settings (saveJwtSettings)", notes = "Updates the JWT Settings object that contains JWT token policy, etc. The tokenSigningKey field is a Base64 encoded string.\n\nAvailable for users with 'SYS_ADMIN' authority.")
    @PreAuthorize("hasAuthority('SYS_ADMIN')")
    @ResponseBody
    public JwtPair saveJwtSettings(@Parameter(description = "A JSON value representing the JWT Settings.") @RequestBody JwtSettings jwtSettings) throws ThingsboardException {
        SecurityUser currentUser = getCurrentUser();
        this.accessControlService.checkPermission(currentUser, Resource.ADMIN_SETTINGS, Operation.WRITE);
        checkNotNull((AdminController) this.jwtSettingsService.saveJwtSettings(jwtSettings));
        return this.tokenFactory.createTokenPair(currentUser);
    }

    @RequestMapping(value = {"/settings/testMail"}, method = {RequestMethod.POST})
    @ApiOperation(value = "Send test email (sendTestMail)", notes = "Attempts to send test email to the System Administrator User using Mail Settings provided as a parameter. You may change the 'To' email in the user profile of the System Administrator. \n\nAvailable for users with 'SYS_ADMIN' authority.")
    @PreAuthorize("hasAuthority('SYS_ADMIN')")
    public void sendTestMail(@Parameter(description = "A JSON value representing the Mail Settings.") @RequestBody AdminSettings adminSettings) throws ThingsboardException {
        this.accessControlService.checkPermission(getCurrentUser(), Resource.ADMIN_SETTINGS, Operation.READ);
        AdminSettings adminSettings2 = (AdminSettings) checkNotNull((AdminController) adminSettings);
        if (adminSettings2.getKey().equals(MAIL_SETTINGS_KEY)) {
            if (adminSettings2.getJsonValue().has("enableOauth2") && adminSettings2.getJsonValue().get("enableOauth2").asBoolean()) {
                JsonNode jsonNode = ((AdminSettings) checkNotNull((AdminController) this.adminSettingsService.findAdminSettingsByKey(TenantId.SYS_TENANT_ID, MAIL_SETTINGS_KEY))).getJsonValue().get("refreshToken");
                if (jsonNode == null) {
                    throw new ThingsboardException("Refresh token was not generated. Please, generate refresh token.", ThingsboardErrorCode.GENERAL);
                }
                adminSettings2.getJsonValue().put("refreshToken", jsonNode.asText());
            } else if (!adminSettings2.getJsonValue().has("password")) {
                adminSettings2.getJsonValue().put("password", ((AdminSettings) checkNotNull((AdminController) this.adminSettingsService.findAdminSettingsByKey(TenantId.SYS_TENANT_ID, MAIL_SETTINGS_KEY))).getJsonValue().get("password").asText());
            }
            try {
                this.mailService.sendTestMail(adminSettings2.getJsonValue(), getCurrentUser().getEmail());
            } catch (ThingsboardException e) {
                String message = e.getMessage();
                if (e.getCause() != null) {
                    message = message + ": " + e.getCause().getMessage();
                }
                throw new ThingsboardException(message, e.getErrorCode());
            }
        }
    }

    @RequestMapping(value = {"/settings/testSms"}, method = {RequestMethod.POST})
    @ApiOperation(value = "Send test sms (sendTestSms)", notes = "Attempts to send test sms to the System Administrator User using SMS Settings and phone number provided as a parameters of the request. \n\nAvailable for users with 'SYS_ADMIN' authority.")
    @PreAuthorize("hasAuthority('SYS_ADMIN')")
    public void sendTestSms(@Parameter(description = "A JSON value representing the Test SMS request.") @RequestBody TestSmsRequest testSmsRequest) throws ThingsboardException {
        SecurityUser currentUser = getCurrentUser();
        this.accessControlService.checkPermission(currentUser, Resource.ADMIN_SETTINGS, Operation.READ);
        try {
            this.smsService.sendTestSms(testSmsRequest);
            this.auditLogService.logEntityAction(currentUser.getTenantId(), currentUser.getCustomerId(), currentUser.getId(), currentUser.getName(), currentUser.getId(), currentUser, ActionType.SMS_SENT, (Exception) null, new Object[]{testSmsRequest.getNumberTo()});
        } catch (ThingsboardException e) {
            this.auditLogService.logEntityAction(currentUser.getTenantId(), currentUser.getCustomerId(), currentUser.getId(), currentUser.getName(), currentUser.getId(), currentUser, ActionType.SMS_SENT, e, new Object[]{testSmsRequest.getNumberTo()});
            throw e;
        }
    }

    @GetMapping({"/repositorySettings"})
    @ApiOperation(value = "Get repository settings (getRepositorySettings)", notes = "Get the repository settings object. \n\nAvailable for users with 'TENANT_ADMIN' authority.")
    @PreAuthorize("hasAuthority('TENANT_ADMIN')")
    public RepositorySettings getRepositorySettings() throws ThingsboardException {
        this.accessControlService.checkPermission(getCurrentUser(), Resource.VERSION_CONTROL, Operation.READ);
        RepositorySettings repositorySettings = (RepositorySettings) checkNotNull((AdminController) this.versionControlService.getVersionControlSettings(getTenantId()));
        repositorySettings.setPassword((String) null);
        repositorySettings.setPrivateKey((String) null);
        repositorySettings.setPrivateKeyPassword((String) null);
        return repositorySettings;
    }

    @GetMapping({"/repositorySettings/exists"})
    @ApiOperation(value = "Check repository settings exists (repositorySettingsExists)", notes = "Check whether the repository settings exists. \n\nAvailable for users with 'TENANT_ADMIN' authority.")
    @PreAuthorize("hasAuthority('TENANT_ADMIN')")
    public Boolean repositorySettingsExists() throws ThingsboardException {
        this.accessControlService.checkPermission(getCurrentUser(), Resource.VERSION_CONTROL, Operation.READ);
        return Boolean.valueOf(this.versionControlService.getVersionControlSettings(getTenantId()) != null);
    }

    @GetMapping({"/repositorySettings/info"})
    @PreAuthorize("hasAuthority('TENANT_ADMIN')")
    public RepositorySettingsInfo getRepositorySettingsInfo() throws Exception {
        this.accessControlService.checkPermission(getCurrentUser(), Resource.VERSION_CONTROL, Operation.READ);
        RepositorySettings versionControlSettings = this.versionControlService.getVersionControlSettings(getTenantId());
        return versionControlSettings != null ? RepositorySettingsInfo.builder().configured(true).readOnly(Boolean.valueOf(versionControlSettings.isReadOnly())).build() : RepositorySettingsInfo.builder().configured(false).build();
    }

    @PostMapping({"/repositorySettings"})
    @ApiOperation(value = "Creates or Updates the repository settings (saveRepositorySettings)", notes = "Creates or Updates the repository settings object. \n\nAvailable for users with 'TENANT_ADMIN' authority.")
    @PreAuthorize("hasAuthority('TENANT_ADMIN')")
    public DeferredResult<RepositorySettings> saveRepositorySettings(@RequestBody RepositorySettings repositorySettings) throws ThingsboardException {
        this.accessControlService.checkPermission(getCurrentUser(), Resource.VERSION_CONTROL, Operation.WRITE);
        repositorySettings.setLocalOnly(false);
        return wrapFuture(Futures.transform(this.versionControlService.saveVersionControlSettings(getTenantId(), repositorySettings), repositorySettings2 -> {
            repositorySettings2.setPassword((String) null);
            repositorySettings2.setPrivateKey((String) null);
            repositorySettings2.setPrivateKeyPassword((String) null);
            return repositorySettings2;
        }, MoreExecutors.directExecutor()), this.vcRequestTimeout);
    }

    @RequestMapping(value = {"/repositorySettings"}, method = {RequestMethod.DELETE})
    @ApiOperation(value = "Delete repository settings (deleteRepositorySettings)", notes = "Deletes the repository settings.\n\nAvailable for users with 'TENANT_ADMIN' authority.")
    @PreAuthorize("hasAuthority('TENANT_ADMIN')")
    @ResponseStatus(HttpStatus.OK)
    public DeferredResult<Void> deleteRepositorySettings() throws Exception {
        this.accessControlService.checkPermission(getCurrentUser(), Resource.VERSION_CONTROL, Operation.DELETE);
        return wrapFuture(this.versionControlService.deleteVersionControlSettings(getTenantId()), this.vcRequestTimeout);
    }

    @RequestMapping(value = {"/repositorySettings/checkAccess"}, method = {RequestMethod.POST})
    @ApiOperation(value = "Check repository access (checkRepositoryAccess)", notes = "Attempts to check repository access. \n\nAvailable for users with 'TENANT_ADMIN' authority.")
    @PreAuthorize("hasAuthority('TENANT_ADMIN')")
    public DeferredResult<Void> checkRepositoryAccess(@Parameter(description = "A JSON value representing the Repository Settings.") @RequestBody RepositorySettings repositorySettings) throws Exception {
        this.accessControlService.checkPermission(getCurrentUser(), Resource.VERSION_CONTROL, Operation.READ);
        repositorySettings.setLocalOnly(false);
        return wrapFuture(this.versionControlService.checkVersionControlAccess(getTenantId(), repositorySettings), this.vcRequestTimeout);
    }

    @GetMapping({"/autoCommitSettings"})
    @ApiOperation(value = "Get auto commit settings (getAutoCommitSettings)", notes = "Get the auto commit settings object. \n\nAvailable for users with 'TENANT_ADMIN' authority.")
    @PreAuthorize("hasAuthority('TENANT_ADMIN')")
    public AutoCommitSettings getAutoCommitSettings() throws ThingsboardException {
        this.accessControlService.checkPermission(getCurrentUser(), Resource.VERSION_CONTROL, Operation.READ);
        return (AutoCommitSettings) checkNotNull((AdminController) this.autoCommitSettingsService.get(getTenantId()));
    }

    @GetMapping({"/autoCommitSettings/exists"})
    @ApiOperation(value = "Check auto commit settings exists (autoCommitSettingsExists)", notes = "Check whether the auto commit settings exists. \n\nAvailable for users with 'TENANT_ADMIN' authority.")
    @PreAuthorize("hasAuthority('TENANT_ADMIN')")
    public Boolean autoCommitSettingsExists() throws ThingsboardException {
        this.accessControlService.checkPermission(getCurrentUser(), Resource.VERSION_CONTROL, Operation.READ);
        return Boolean.valueOf(this.autoCommitSettingsService.get(getTenantId()) != null);
    }

    @PostMapping({"/autoCommitSettings"})
    @ApiOperation(value = "Creates or Updates the auto commit settings (saveAutoCommitSettings)", notes = "Creates or Updates the auto commit settings object. \n\nAvailable for users with 'TENANT_ADMIN' authority.")
    @PreAuthorize("hasAuthority('TENANT_ADMIN')")
    public AutoCommitSettings saveAutoCommitSettings(@RequestBody AutoCommitSettings autoCommitSettings) throws ThingsboardException {
        autoCommitSettings.values().forEach(autoVersionCreateConfig -> {
            VcUtils.checkBranchName(autoVersionCreateConfig.getBranch());
        });
        this.accessControlService.checkPermission(getCurrentUser(), Resource.VERSION_CONTROL, Operation.WRITE);
        return this.autoCommitSettingsService.save(getTenantId(), autoCommitSettings);
    }

    @RequestMapping(value = {"/autoCommitSettings"}, method = {RequestMethod.DELETE})
    @ApiOperation(value = "Delete auto commit settings (deleteAutoCommitSettings)", notes = "Deletes the auto commit settings.\n\nAvailable for users with 'TENANT_ADMIN' authority.")
    @PreAuthorize("hasAuthority('TENANT_ADMIN')")
    @ResponseStatus(HttpStatus.OK)
    public void deleteAutoCommitSettings() throws ThingsboardException {
        this.accessControlService.checkPermission(getCurrentUser(), Resource.VERSION_CONTROL, Operation.DELETE);
        this.autoCommitSettingsService.delete(getTenantId());
    }

    @RequestMapping(value = {"/updates"}, method = {RequestMethod.GET})
    @ApiOperation(value = "Check for new Platform Releases (checkUpdates)", notes = "Check notifications about new platform releases. \n\nAvailable for users with 'SYS_ADMIN' authority.")
    @PreAuthorize("hasAuthority('SYS_ADMIN')")
    @ResponseBody
    public UpdateMessage checkUpdates() throws ThingsboardException {
        return this.updateService.checkUpdates();
    }

    @RequestMapping(value = {"/systemInfo"}, method = {RequestMethod.GET})
    @ApiOperation(value = "Get system info (getSystemInfo)", notes = "Get main information about system. \n\nAvailable for users with 'SYS_ADMIN' authority.")
    @PreAuthorize("hasAuthority('SYS_ADMIN')")
    @ResponseBody
    public SystemInfo getSystemInfo() throws ThingsboardException {
        return this.systemInfoService.getSystemInfo();
    }

    @RequestMapping(value = {"/featuresInfo"}, method = {RequestMethod.GET})
    @ApiOperation(value = "Get features info (getFeaturesInfo)", notes = "Get information about enabled/disabled features. \n\nAvailable for users with 'SYS_ADMIN' authority.")
    @PreAuthorize("hasAuthority('SYS_ADMIN')")
    @ResponseBody
    public FeaturesInfo getFeaturesInfo() {
        return this.systemInfoService.getFeaturesInfo();
    }

    @RequestMapping(value = {"/mail/oauth2/loginProcessingUrl"}, method = {RequestMethod.GET})
    @ApiOperation(value = "Get OAuth2 log in processing URL (getMailProcessingUrl)", notes = "Returns the URL enclosed in double quotes. After successful authentication with OAuth2 provider and user consent for requested scope, it makes a redirect to this path so that the platform can do further log in processing and generating access tokens. \n\nAvailable for users with 'SYS_ADMIN' authority.")
    @PreAuthorize("hasAnyAuthority('SYS_ADMIN')")
    @ResponseBody
    public String getMailProcessingUrl() throws ThingsboardException {
        this.accessControlService.checkPermission(getCurrentUser(), Resource.ADMIN_SETTINGS, Operation.READ);
        return "\"/api/admin/mail/oauth2/code\"";
    }

    @RequestMapping(value = {"/mail/oauth2/authorize"}, method = {RequestMethod.GET}, produces = {"application/text"})
    @ApiOperation(value = "Redirect user to mail provider login page. ", notes = "After user logged in and provided accessprovider sends authorization code to specified redirect uri.)")
    @PreAuthorize("hasAuthority('SYS_ADMIN')")
    public String getAuthorizationUrl(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ThingsboardException {
        String generateSafeToken = StringUtils.generateSafeToken();
        if (httpServletRequest.getParameter("prevUri") != null) {
            CookieUtils.addCookie(httpServletResponse, "prev_uri", httpServletRequest.getParameter("prevUri"), 180);
        }
        CookieUtils.addCookie(httpServletResponse, STATE_COOKIE_NAME, generateSafeToken, 180);
        this.accessControlService.checkPermission(getCurrentUser(), Resource.ADMIN_SETTINGS, Operation.READ);
        JsonNode jsonValue = ((AdminSettings) checkNotNull((AdminController) this.adminSettingsService.findAdminSettingsByKey(TenantId.SYS_TENANT_ID, MAIL_SETTINGS_KEY), "No Administration mail settings found")).getJsonValue();
        String asText = ((JsonNode) checkNotNull((AdminController) jsonValue.get("clientId"), "No clientId was configured")).asText();
        String asText2 = ((JsonNode) checkNotNull((AdminController) jsonValue.get("authUri"), "No authorization uri was configured")).asText();
        return "\"" + new AuthorizationCodeRequestUrl(asText2, asText).setScopes((List) JacksonUtil.convertValue(checkNotNull((AdminController) jsonValue.get("scope"), "No scope was configured"), new TypeReference<List<String>>() { // from class: org.thingsboard.server.controller.AdminController.1
        })).setState(generateSafeToken).setRedirectUri(((JsonNode) checkNotNull((AdminController) jsonValue.get("redirectUri"), "No Redirect uri was configured")).asText()).build() + "\"";
    }

    @RequestMapping(value = {"/mail/oauth2/code"}, params = {"code", STATE_COOKIE_NAME}, method = {RequestMethod.GET})
    public void codeProcessingUrl(@RequestParam("code") String str, @RequestParam("state") String str2, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ThingsboardException, IOException {
        Optional<Cookie> cookie = CookieUtils.getCookie(httpServletRequest, "prev_uri");
        Optional<Cookie> cookie2 = CookieUtils.getCookie(httpServletRequest, STATE_COOKIE_NAME);
        String str3 = this.systemSecurityService.getBaseUrl(TenantId.SYS_TENANT_ID, new CustomerId(EntityId.NULL_UUID), httpServletRequest) + (cookie.isPresent() ? cookie.get().getValue() : "/settings/outgoing-mail");
        if (cookie2.isEmpty() || !cookie2.get().getValue().equals(str2)) {
            CookieUtils.deleteCookie(httpServletRequest, httpServletResponse, STATE_COOKIE_NAME);
            throw new ThingsboardException("Refresh token was not generated, invalid state param", ThingsboardErrorCode.BAD_REQUEST_PARAMS);
        }
        CookieUtils.deleteCookie(httpServletRequest, httpServletResponse, STATE_COOKIE_NAME);
        CookieUtils.deleteCookie(httpServletRequest, httpServletResponse, "prev_uri");
        AdminSettings adminSettings = (AdminSettings) checkNotNull((AdminController) this.adminSettingsService.findAdminSettingsByKey(TenantId.SYS_TENANT_ID, MAIL_SETTINGS_KEY), "No Administration mail settings found");
        ObjectNode jsonValue = adminSettings.getJsonValue();
        try {
            jsonValue.put("refreshToken", new AuthorizationCodeTokenRequest(new NetHttpTransport(), new GsonFactory(), new GenericUrl(((JsonNode) checkNotNull((AdminController) jsonValue.get("tokenUri"), "No authorization uri was configured")).asText()), str).setRedirectUri(((JsonNode) checkNotNull((AdminController) jsonValue.get("redirectUri"), "No Redirect uri was configured")).asText()).setClientAuthentication(new ClientParametersAuthentication(((JsonNode) checkNotNull((AdminController) jsonValue.get("clientId"), "No clientId was configured")).asText(), ((JsonNode) checkNotNull((AdminController) jsonValue.get("clientSecret"), "No client secret was configured")).asText())).execute().getRefreshToken());
            jsonValue.put("tokenGenerated", true);
            this.adminSettingsService.saveAdminSettings(TenantId.SYS_TENANT_ID, adminSettings);
            httpServletResponse.sendRedirect(str3);
        } catch (IOException e) {
            log.warn("Unable to retrieve refresh token: {}", e.getMessage());
            throw new ThingsboardException("Error while requesting access token: " + e.getMessage(), ThingsboardErrorCode.GENERAL);
        }
    }

    @ConstructorProperties({"mailService", "smsService", "adminSettingsService", "systemSecurityService", "securitySettingsService", "jwtSettingsService", "tokenFactory", "versionControlService", "autoCommitSettingsService", "updateService", "systemInfoService", "auditLogService"})
    public AdminController(MailService mailService, SmsService smsService, AdminSettingsService adminSettingsService, SystemSecurityService systemSecurityService, SecuritySettingsService securitySettingsService, JwtSettingsService jwtSettingsService, JwtTokenFactory jwtTokenFactory, EntitiesVersionControlService entitiesVersionControlService, TbAutoCommitSettingsService tbAutoCommitSettingsService, UpdateService updateService, SystemInfoService systemInfoService, AuditLogService auditLogService) {
        this.mailService = mailService;
        this.smsService = smsService;
        this.adminSettingsService = adminSettingsService;
        this.systemSecurityService = systemSecurityService;
        this.securitySettingsService = securitySettingsService;
        this.jwtSettingsService = jwtSettingsService;
        this.tokenFactory = jwtTokenFactory;
        this.versionControlService = entitiesVersionControlService;
        this.autoCommitSettingsService = tbAutoCommitSettingsService;
        this.updateService = updateService;
        this.systemInfoService = systemInfoService;
        this.auditLogService = auditLogService;
    }
}
