package org.thingsboard.server.dao.user;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ObjectNode;
import com.google.common.util.concurrent.ListenableFuture;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apache.commons.lang3.RandomStringUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;
import org.thingsboard.server.common.data.Customer;
import org.thingsboard.server.common.data.User;
import org.thingsboard.server.common.data.id.CustomerId;
import org.thingsboard.server.common.data.id.TenantId;
import org.thingsboard.server.common.data.id.UUIDBased;
import org.thingsboard.server.common.data.id.UserCredentialsId;
import org.thingsboard.server.common.data.id.UserId;
import org.thingsboard.server.common.data.page.TextPageData;
import org.thingsboard.server.common.data.page.TextPageLink;
import org.thingsboard.server.common.data.security.Authority;
import org.thingsboard.server.common.data.security.UserCredentials;
import org.thingsboard.server.dao.customer.CustomerDao;
import org.thingsboard.server.dao.entity.AbstractEntityService;
import org.thingsboard.server.dao.exception.DataValidationException;
import org.thingsboard.server.dao.exception.IncorrectParameterException;
import org.thingsboard.server.dao.model.ModelConstants;
import org.thingsboard.server.dao.service.DataValidator;
import org.thingsboard.server.dao.service.PaginatedRemover;
import org.thingsboard.server.dao.service.Validator;
import org.thingsboard.server.dao.tenant.TenantDao;

@Service
/* loaded from: input_file:org/thingsboard/server/dao/user/UserServiceImpl.class */
public class UserServiceImpl extends AbstractEntityService implements UserService {
    public static final String USER_PASSWORD_HISTORY = "userPasswordHistory";
    private static final String LAST_LOGIN_TS = "lastLoginTs";
    private static final String FAILED_LOGIN_ATTEMPTS = "failedLoginAttempts";
    private static final int DEFAULT_TOKEN_LENGTH = 30;
    public static final String INCORRECT_USER_ID = "Incorrect userId ";
    public static final String INCORRECT_TENANT_ID = "Incorrect tenantId ";
    private static final String USER_CREDENTIALS_ENABLED = "userCredentialsEnabled";

    @Value("${security.user_login_case_sensitive:true}")
    private boolean userLoginCaseSensitive;

    @Autowired
    private UserDao userDao;

    @Autowired
    private UserCredentialsDao userCredentialsDao;

    @Autowired
    private TenantDao tenantDao;

    @Autowired
    private CustomerDao customerDao;
    private DataValidator<User> userValidator = new DataValidator<User>() { // from class: org.thingsboard.server.dao.user.UserServiceImpl.1
        /* JADX INFO: Access modifiers changed from: protected */
        @Override // org.thingsboard.server.dao.service.DataValidator
        public void validateDataImpl(TenantId tenantId, User user) {
            if (StringUtils.isEmpty(user.getEmail())) {
                throw new DataValidationException("User email should be specified!");
            }
            validateEmail(user.getEmail());
            Authority authority = user.getAuthority();
            if (authority == null) {
                throw new DataValidationException("User authority isn't defined!");
            }
            TenantId tenantId2 = user.getTenantId();
            if (tenantId2 == null) {
                tenantId2 = new TenantId(ModelConstants.NULL_UUID);
                user.setTenantId(tenantId2);
            }
            CustomerId customerId = user.getCustomerId();
            if (customerId == null) {
                customerId = new CustomerId(ModelConstants.NULL_UUID);
                user.setCustomerId(customerId);
            }
            switch (AnonymousClass5.$SwitchMap$org$thingsboard$server$common$data$security$Authority[authority.ordinal()]) {
                case 1:
                    if (!tenantId2.getId().equals(ModelConstants.NULL_UUID) || !customerId.getId().equals(ModelConstants.NULL_UUID)) {
                        throw new DataValidationException("System administrator can't be assigned neither to tenant nor to customer!");
                    }
                    break;
                case 2:
                    if (tenantId2.getId().equals(ModelConstants.NULL_UUID)) {
                        throw new DataValidationException("Tenant administrator should be assigned to tenant!");
                    }
                    if (!customerId.getId().equals(ModelConstants.NULL_UUID)) {
                        throw new DataValidationException("Tenant administrator can't be assigned to customer!");
                    }
                    break;
                case 3:
                    if (tenantId2.getId().equals(ModelConstants.NULL_UUID) || customerId.getId().equals(ModelConstants.NULL_UUID)) {
                        throw new DataValidationException("Customer user should be assigned to customer!");
                    }
                    break;
            }
            User findUserByEmail = UserServiceImpl.this.findUserByEmail(tenantId2, user.getEmail());
            if (findUserByEmail != null && !isSameData(findUserByEmail, user)) {
                throw new DataValidationException("User with email '" + user.getEmail() + "'  already present in database!");
            }
            if (!tenantId2.getId().equals(ModelConstants.NULL_UUID) && UserServiceImpl.this.tenantDao.findById(tenantId2, user.getTenantId().getId()) == null) {
                throw new DataValidationException("User is referencing to non-existent tenant!");
            }
            if (customerId.getId().equals(ModelConstants.NULL_UUID)) {
                return;
            }
            Customer findById = UserServiceImpl.this.customerDao.findById(tenantId2, user.getCustomerId().getId());
            if (findById == null) {
                throw new DataValidationException("User is referencing to non-existent customer!");
            }
            if (!findById.getTenantId().getId().equals(tenantId2.getId())) {
                throw new DataValidationException("User can't be assigned to customer from different tenant!");
            }
        }
    };
    private DataValidator<UserCredentials> userCredentialsValidator = new DataValidator<UserCredentials>() { // from class: org.thingsboard.server.dao.user.UserServiceImpl.2
        /* JADX INFO: Access modifiers changed from: protected */
        @Override // org.thingsboard.server.dao.service.DataValidator
        public void validateCreate(TenantId tenantId, UserCredentials userCredentials) {
            throw new IncorrectParameterException("Creation of new user credentials is prohibited.");
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // org.thingsboard.server.dao.service.DataValidator
        public void validateDataImpl(TenantId tenantId, UserCredentials userCredentials) {
            if (userCredentials.getUserId() == null) {
                throw new DataValidationException("User credentials should be assigned to user!");
            }
            if (userCredentials.isEnabled()) {
                if (StringUtils.isEmpty(userCredentials.getPassword())) {
                    throw new DataValidationException("Enabled user credentials should have password!");
                }
                if (StringUtils.isNotEmpty(userCredentials.getActivateToken())) {
                    throw new DataValidationException("Enabled user credentials can't have activate token!");
                }
            }
            if (UserServiceImpl.this.userCredentialsDao.findById(tenantId, userCredentials.getId().getId()) == null) {
                throw new DataValidationException("Unable to update non-existent user credentials!");
            }
            if (UserServiceImpl.this.findUserById(tenantId, userCredentials.getUserId()) == null) {
                throw new DataValidationException("Can't assign user credentials to non-existent user!");
            }
        }
    };
    private PaginatedRemover<TenantId, User> tenantAdminsRemover = new PaginatedRemover<TenantId, User>() { // from class: org.thingsboard.server.dao.user.UserServiceImpl.3
        /* JADX INFO: Access modifiers changed from: protected */
        @Override // org.thingsboard.server.dao.service.PaginatedRemover
        public List<User> findEntities(TenantId tenantId, TenantId tenantId2, TextPageLink textPageLink) {
            return UserServiceImpl.this.userDao.findTenantAdmins(tenantId2.getId(), textPageLink);
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // org.thingsboard.server.dao.service.PaginatedRemover
        public void removeEntity(TenantId tenantId, User user) {
            UserServiceImpl.this.deleteUser(tenantId, new UserId(user.getUuidId()));
        }
    };
    private PaginatedRemover<CustomerId, User> customerUsersRemover = new PaginatedRemover<CustomerId, User>() { // from class: org.thingsboard.server.dao.user.UserServiceImpl.4
        /* JADX INFO: Access modifiers changed from: protected */
        @Override // org.thingsboard.server.dao.service.PaginatedRemover
        public List<User> findEntities(TenantId tenantId, CustomerId customerId, TextPageLink textPageLink) {
            return UserServiceImpl.this.userDao.findCustomerUsers(tenantId.getId(), customerId.getId(), textPageLink);
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // org.thingsboard.server.dao.service.PaginatedRemover
        public void removeEntity(TenantId tenantId, User user) {
            UserServiceImpl.this.deleteUser(tenantId, new UserId(user.getUuidId()));
        }
    };
    private static final Logger log = LoggerFactory.getLogger(UserServiceImpl.class);
    private static final ObjectMapper objectMapper = new ObjectMapper();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.thingsboard.server.dao.user.UserServiceImpl$5, reason: invalid class name */
    /* loaded from: input_file:org/thingsboard/server/dao/user/UserServiceImpl$5.class */
    public static /* synthetic */ class AnonymousClass5 {
        static final /* synthetic */ int[] $SwitchMap$org$thingsboard$server$common$data$security$Authority = new int[Authority.values().length];

        static {
            try {
                $SwitchMap$org$thingsboard$server$common$data$security$Authority[Authority.SYS_ADMIN.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$thingsboard$server$common$data$security$Authority[Authority.TENANT_ADMIN.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$thingsboard$server$common$data$security$Authority[Authority.CUSTOMER_USER.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    public User findUserByEmail(TenantId tenantId, String str) {
        log.trace("Executing findUserByEmail [{}]", str);
        Validator.validateString(str, "Incorrect email " + str);
        return this.userLoginCaseSensitive ? this.userDao.findByEmail(tenantId, str) : this.userDao.findByEmail(tenantId, str.toLowerCase());
    }

    public User findUserById(TenantId tenantId, UserId userId) {
        log.trace("Executing findUserById [{}]", userId);
        Validator.validateId((UUIDBased) userId, INCORRECT_USER_ID + userId);
        return this.userDao.findById(tenantId, userId.getId());
    }

    public ListenableFuture<User> findUserByIdAsync(TenantId tenantId, UserId userId) {
        log.trace("Executing findUserByIdAsync [{}]", userId);
        Validator.validateId((UUIDBased) userId, INCORRECT_USER_ID + userId);
        return this.userDao.findByIdAsync(tenantId, userId.getId());
    }

    public User saveUser(User user) {
        log.trace("Executing saveUser [{}]", user);
        this.userValidator.validate(user, (v0) -> {
            return v0.getTenantId();
        });
        if (!this.userLoginCaseSensitive) {
            user.setEmail(user.getEmail().toLowerCase());
        }
        User save = this.userDao.save(user.getTenantId(), user);
        if (user.getId() == null) {
            UserCredentials userCredentials = new UserCredentials();
            userCredentials.setEnabled(false);
            userCredentials.setActivateToken(RandomStringUtils.randomAlphanumeric(DEFAULT_TOKEN_LENGTH));
            userCredentials.setUserId(new UserId(save.getUuidId()));
            saveUserCredentialsAndPasswordHistory(user.getTenantId(), userCredentials);
        }
        return save;
    }

    public UserCredentials findUserCredentialsByUserId(TenantId tenantId, UserId userId) {
        log.trace("Executing findUserCredentialsByUserId [{}]", userId);
        Validator.validateId((UUIDBased) userId, INCORRECT_USER_ID + userId);
        return this.userCredentialsDao.findByUserId(tenantId, userId.getId());
    }

    public UserCredentials findUserCredentialsByActivateToken(TenantId tenantId, String str) {
        log.trace("Executing findUserCredentialsByActivateToken [{}]", str);
        Validator.validateString(str, "Incorrect activateToken " + str);
        return this.userCredentialsDao.findByActivateToken(tenantId, str);
    }

    public UserCredentials findUserCredentialsByResetToken(TenantId tenantId, String str) {
        log.trace("Executing findUserCredentialsByResetToken [{}]", str);
        Validator.validateString(str, "Incorrect resetToken " + str);
        return this.userCredentialsDao.findByResetToken(tenantId, str);
    }

    public UserCredentials saveUserCredentials(TenantId tenantId, UserCredentials userCredentials) {
        log.trace("Executing saveUserCredentials [{}]", userCredentials);
        this.userCredentialsValidator.validate(userCredentials, userCredentials2 -> {
            return tenantId;
        });
        return saveUserCredentialsAndPasswordHistory(tenantId, userCredentials);
    }

    public UserCredentials activateUserCredentials(TenantId tenantId, String str, String str2) {
        log.trace("Executing activateUserCredentials activateToken [{}], password [{}]", str, str2);
        Validator.validateString(str, "Incorrect activateToken " + str);
        Validator.validateString(str2, "Incorrect password " + str2);
        UserCredentials findByActivateToken = this.userCredentialsDao.findByActivateToken(tenantId, str);
        if (findByActivateToken == null) {
            throw new IncorrectParameterException(String.format("Unable to find user credentials by activateToken [%s]", str));
        }
        if (findByActivateToken.isEnabled()) {
            throw new IncorrectParameterException("User credentials already activated");
        }
        findByActivateToken.setEnabled(true);
        findByActivateToken.setActivateToken((String) null);
        findByActivateToken.setPassword(str2);
        return saveUserCredentials(tenantId, findByActivateToken);
    }

    public UserCredentials requestPasswordReset(TenantId tenantId, String str) {
        log.trace("Executing requestPasswordReset email [{}]", str);
        Validator.validateString(str, "Incorrect email " + str);
        User findByEmail = this.userDao.findByEmail(tenantId, str);
        if (findByEmail == null) {
            throw new IncorrectParameterException(String.format("Unable to find user by email [%s]", str));
        }
        UserCredentials findByUserId = this.userCredentialsDao.findByUserId(tenantId, findByEmail.getUuidId());
        if (!findByUserId.isEnabled()) {
            throw new IncorrectParameterException("Unable to reset password for inactive user");
        }
        findByUserId.setResetToken(RandomStringUtils.randomAlphanumeric(DEFAULT_TOKEN_LENGTH));
        return saveUserCredentials(tenantId, findByUserId);
    }

    public UserCredentials requestExpiredPasswordReset(TenantId tenantId, UserCredentialsId userCredentialsId) {
        UserCredentials findById = this.userCredentialsDao.findById(tenantId, userCredentialsId.getId());
        if (!findById.isEnabled()) {
            throw new IncorrectParameterException("Unable to reset password for inactive user");
        }
        findById.setResetToken(RandomStringUtils.randomAlphanumeric(DEFAULT_TOKEN_LENGTH));
        return saveUserCredentials(tenantId, findById);
    }

    public UserCredentials replaceUserCredentials(TenantId tenantId, UserCredentials userCredentials) {
        log.trace("Executing replaceUserCredentials [{}]", userCredentials);
        this.userCredentialsValidator.validate(userCredentials, userCredentials2 -> {
            return tenantId;
        });
        this.userCredentialsDao.removeById(tenantId, userCredentials.getUuidId());
        userCredentials.setId((UUIDBased) null);
        return saveUserCredentialsAndPasswordHistory(tenantId, userCredentials);
    }

    public void deleteUser(TenantId tenantId, UserId userId) {
        log.trace("Executing deleteUser [{}]", userId);
        Validator.validateId((UUIDBased) userId, INCORRECT_USER_ID + userId);
        this.userCredentialsDao.removeById(tenantId, this.userCredentialsDao.findByUserId(tenantId, userId.getId()).getUuidId());
        deleteEntityRelations(tenantId, userId);
        this.userDao.removeById(tenantId, userId.getId());
    }

    public TextPageData<User> findTenantAdmins(TenantId tenantId, TextPageLink textPageLink) {
        log.trace("Executing findTenantAdmins, tenantId [{}], pageLink [{}]", tenantId, textPageLink);
        Validator.validateId((UUIDBased) tenantId, "Incorrect tenantId " + tenantId);
        Validator.validatePageLink(textPageLink, "Incorrect page link " + textPageLink);
        return new TextPageData<>(this.userDao.findTenantAdmins(tenantId.getId(), textPageLink), textPageLink);
    }

    public void deleteTenantAdmins(TenantId tenantId) {
        log.trace("Executing deleteTenantAdmins, tenantId [{}]", tenantId);
        Validator.validateId((UUIDBased) tenantId, "Incorrect tenantId " + tenantId);
        this.tenantAdminsRemover.removeEntities(tenantId, tenantId);
    }

    public TextPageData<User> findCustomerUsers(TenantId tenantId, CustomerId customerId, TextPageLink textPageLink) {
        log.trace("Executing findCustomerUsers, tenantId [{}], customerId [{}], pageLink [{}]", new Object[]{tenantId, customerId, textPageLink});
        Validator.validateId((UUIDBased) tenantId, "Incorrect tenantId " + tenantId);
        Validator.validateId((UUIDBased) customerId, "Incorrect customerId " + customerId);
        Validator.validatePageLink(textPageLink, "Incorrect page link " + textPageLink);
        return new TextPageData<>(this.userDao.findCustomerUsers(tenantId.getId(), customerId.getId(), textPageLink), textPageLink);
    }

    public void deleteCustomerUsers(TenantId tenantId, CustomerId customerId) {
        log.trace("Executing deleteCustomerUsers, customerId [{}]", customerId);
        Validator.validateId((UUIDBased) tenantId, "Incorrect tenantId " + tenantId);
        Validator.validateId((UUIDBased) customerId, "Incorrect customerId " + customerId);
        this.customerUsersRemover.removeEntities(tenantId, customerId);
    }

    public void setUserCredentialsEnabled(TenantId tenantId, UserId userId, boolean z) {
        log.trace("Executing setUserCredentialsEnabled [{}], [{}]", userId, Boolean.valueOf(z));
        Validator.validateId((UUIDBased) userId, INCORRECT_USER_ID + userId);
        UserCredentials findByUserId = this.userCredentialsDao.findByUserId(tenantId, userId.getId());
        findByUserId.setEnabled(z);
        saveUserCredentials(tenantId, findByUserId);
        User findUserById = findUserById(tenantId, userId);
        ObjectNode additionalInfo = findUserById.getAdditionalInfo();
        if (!(additionalInfo instanceof ObjectNode)) {
            additionalInfo = objectMapper.createObjectNode();
        }
        additionalInfo.put(USER_CREDENTIALS_ENABLED, z);
        findUserById.setAdditionalInfo(additionalInfo);
        if (z) {
            resetFailedLoginAttempts(findUserById);
        }
        this.userDao.save(findUserById.getTenantId(), findUserById);
    }

    public void onUserLoginSuccessful(TenantId tenantId, UserId userId) {
        log.trace("Executing onUserLoginSuccessful [{}]", userId);
        User findUserById = findUserById(tenantId, userId);
        setLastLoginTs(findUserById);
        resetFailedLoginAttempts(findUserById);
        saveUser(findUserById);
    }

    private void setLastLoginTs(User user) {
        ObjectNode additionalInfo = user.getAdditionalInfo();
        if (!(additionalInfo instanceof ObjectNode)) {
            additionalInfo = objectMapper.createObjectNode();
        }
        additionalInfo.put(LAST_LOGIN_TS, System.currentTimeMillis());
        user.setAdditionalInfo(additionalInfo);
    }

    private void resetFailedLoginAttempts(User user) {
        ObjectNode additionalInfo = user.getAdditionalInfo();
        if (!(additionalInfo instanceof ObjectNode)) {
            additionalInfo = objectMapper.createObjectNode();
        }
        additionalInfo.put(FAILED_LOGIN_ATTEMPTS, 0);
        user.setAdditionalInfo(additionalInfo);
    }

    public int onUserLoginIncorrectCredentials(TenantId tenantId, UserId userId) {
        log.trace("Executing onUserLoginIncorrectCredentials [{}]", userId);
        User findUserById = findUserById(tenantId, userId);
        int increaseFailedLoginAttempts = increaseFailedLoginAttempts(findUserById);
        saveUser(findUserById);
        return increaseFailedLoginAttempts;
    }

    private int increaseFailedLoginAttempts(User user) {
        ObjectNode additionalInfo = user.getAdditionalInfo();
        if (!(additionalInfo instanceof ObjectNode)) {
            additionalInfo = objectMapper.createObjectNode();
        }
        int i = 0;
        if (additionalInfo.has(FAILED_LOGIN_ATTEMPTS)) {
            i = additionalInfo.get(FAILED_LOGIN_ATTEMPTS).asInt();
        }
        int i2 = i + 1;
        additionalInfo.put(FAILED_LOGIN_ATTEMPTS, i2);
        user.setAdditionalInfo(additionalInfo);
        return i2;
    }

    private UserCredentials saveUserCredentialsAndPasswordHistory(TenantId tenantId, UserCredentials userCredentials) {
        UserCredentials save = this.userCredentialsDao.save(tenantId, userCredentials);
        User findUserById = findUserById(tenantId, userCredentials.getUserId());
        if (userCredentials.getPassword() != null) {
            updatePasswordHistory(findUserById, userCredentials);
        }
        return save;
    }

    private void updatePasswordHistory(User user, UserCredentials userCredentials) {
        ObjectNode additionalInfo = user.getAdditionalInfo();
        if (!(additionalInfo instanceof ObjectNode)) {
            additionalInfo = objectMapper.createObjectNode();
        }
        if (additionalInfo.has(USER_PASSWORD_HISTORY)) {
            Map map = (Map) objectMapper.convertValue(additionalInfo.get(USER_PASSWORD_HISTORY), Map.class);
            map.put(Long.toString(System.currentTimeMillis()), userCredentials.getPassword());
            additionalInfo.replace(USER_PASSWORD_HISTORY, objectMapper.valueToTree(map));
        } else {
            HashMap hashMap = new HashMap();
            hashMap.put(Long.toString(System.currentTimeMillis()), userCredentials.getPassword());
            additionalInfo.set(USER_PASSWORD_HISTORY, objectMapper.valueToTree(hashMap));
        }
        user.setAdditionalInfo(additionalInfo);
        saveUser(user);
    }
}
