package org.thingsboard.server.dao.user;

import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.node.ObjectNode;
import com.google.common.util.concurrent.ListenableFuture;
import java.beans.ConstructorProperties;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import org.thingsboard.common.util.JacksonUtil;
import org.thingsboard.server.common.data.EntityType;
import org.thingsboard.server.common.data.StringUtils;
import org.thingsboard.server.common.data.User;
import org.thingsboard.server.common.data.audit.ActionType;
import org.thingsboard.server.common.data.id.CustomerId;
import org.thingsboard.server.common.data.id.EntityId;
import org.thingsboard.server.common.data.id.HasId;
import org.thingsboard.server.common.data.id.TenantId;
import org.thingsboard.server.common.data.id.TenantProfileId;
import org.thingsboard.server.common.data.id.UUIDBased;
import org.thingsboard.server.common.data.id.UserCredentialsId;
import org.thingsboard.server.common.data.id.UserId;
import org.thingsboard.server.common.data.page.PageData;
import org.thingsboard.server.common.data.page.PageLink;
import org.thingsboard.server.common.data.security.Authority;
import org.thingsboard.server.common.data.security.UserCredentials;
import org.thingsboard.server.common.data.security.event.UserCredentialsInvalidationEvent;
import org.thingsboard.server.dao.entity.AbstractEntityService;
import org.thingsboard.server.dao.entity.EntityCountService;
import org.thingsboard.server.dao.eventsourcing.ActionEntityEvent;
import org.thingsboard.server.dao.eventsourcing.DeleteEntityEvent;
import org.thingsboard.server.dao.eventsourcing.SaveEntityEvent;
import org.thingsboard.server.dao.exception.IncorrectParameterException;
import org.thingsboard.server.dao.service.DataValidator;
import org.thingsboard.server.dao.service.PaginatedRemover;
import org.thingsboard.server.dao.service.Validator;

@Service("UserDaoService")
/* loaded from: input_file:org/thingsboard/server/dao/user/UserServiceImpl.class */
public class UserServiceImpl extends AbstractEntityService implements UserService {
    private static final Logger log = LoggerFactory.getLogger(UserServiceImpl.class);
    public static final String USER_PASSWORD_HISTORY = "userPasswordHistory";
    private static final String LAST_LOGIN_TS = "lastLoginTs";
    private static final String FAILED_LOGIN_ATTEMPTS = "failedLoginAttempts";
    private static final int DEFAULT_TOKEN_LENGTH = 30;
    public static final String INCORRECT_USER_ID = "Incorrect userId ";
    public static final String INCORRECT_TENANT_ID = "Incorrect tenantId ";
    private static final String USER_CREDENTIALS_ENABLED = "userCredentialsEnabled";

    @Value("${security.user_login_case_sensitive:true}")
    private boolean userLoginCaseSensitive;
    private final UserDao userDao;
    private final UserCredentialsDao userCredentialsDao;
    private final UserAuthSettingsDao userAuthSettingsDao;
    private final DataValidator<User> userValidator;
    private final DataValidator<UserCredentials> userCredentialsValidator;
    private final ApplicationEventPublisher eventPublisher;
    private final EntityCountService countService;
    private final PaginatedRemover<TenantId, User> tenantAdminsRemover = new PaginatedRemover<TenantId, User>() { // from class: org.thingsboard.server.dao.user.UserServiceImpl.2
        /* JADX INFO: Access modifiers changed from: protected */
        @Override // org.thingsboard.server.dao.service.PaginatedRemover
        public PageData<User> findEntities(TenantId tenantId, TenantId tenantId2, PageLink pageLink) {
            return UserServiceImpl.this.userDao.findTenantAdmins(tenantId2.getId(), pageLink);
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // org.thingsboard.server.dao.service.PaginatedRemover
        public void removeEntity(TenantId tenantId, User user) {
            UserServiceImpl.this.deleteUser(tenantId, user);
        }
    };
    private final PaginatedRemover<CustomerId, User> customerUsersRemover = new PaginatedRemover<CustomerId, User>() { // from class: org.thingsboard.server.dao.user.UserServiceImpl.3
        /* JADX INFO: Access modifiers changed from: protected */
        @Override // org.thingsboard.server.dao.service.PaginatedRemover
        public PageData<User> findEntities(TenantId tenantId, CustomerId customerId, PageLink pageLink) {
            return UserServiceImpl.this.userDao.findCustomerUsers(tenantId.getId(), customerId.getId(), pageLink);
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // org.thingsboard.server.dao.service.PaginatedRemover
        public void removeEntity(TenantId tenantId, User user) {
            UserServiceImpl.this.deleteUser(tenantId, user);
        }
    };

    public User findUserByEmail(TenantId tenantId, String str) {
        log.trace("Executing findUserByEmail [{}]", str);
        Validator.validateString(str, "Incorrect email " + str);
        return this.userLoginCaseSensitive ? this.userDao.findByEmail(tenantId, str) : this.userDao.findByEmail(tenantId, str.toLowerCase());
    }

    public User findUserByTenantIdAndEmail(TenantId tenantId, String str) {
        log.trace("Executing findUserByTenantIdAndEmail [{}][{}]", tenantId, str);
        Validator.validateId((UUIDBased) tenantId, "Incorrect tenantId " + tenantId);
        Validator.validateString(str, "Incorrect email " + str);
        return this.userDao.findByTenantIdAndEmail(tenantId, str);
    }

    public User findUserById(TenantId tenantId, UserId userId) {
        log.trace("Executing findUserById [{}]", userId);
        Validator.validateId((UUIDBased) userId, "Incorrect userId " + userId);
        return this.userDao.findById(tenantId, userId.getId());
    }

    public ListenableFuture<User> findUserByIdAsync(TenantId tenantId, UserId userId) {
        log.trace("Executing findUserByIdAsync [{}]", userId);
        Validator.validateId((UUIDBased) userId, "Incorrect userId " + userId);
        return this.userDao.findByIdAsync(tenantId, userId.getId());
    }

    public User saveUser(TenantId tenantId, User user) {
        log.trace("Executing saveUser [{}]", user);
        this.userValidator.validate(user, (v0) -> {
            return v0.getTenantId();
        });
        if (!this.userLoginCaseSensitive) {
            user.setEmail(user.getEmail().toLowerCase());
        }
        User save = this.userDao.save(user.getTenantId(), user);
        if (user.getId() == null) {
            this.countService.publishCountEntityEvictEvent(save.getTenantId(), EntityType.USER);
            UserCredentials userCredentials = new UserCredentials();
            userCredentials.setEnabled(false);
            userCredentials.setActivateToken(StringUtils.generateSafeToken(DEFAULT_TOKEN_LENGTH));
            userCredentials.setUserId(new UserId(save.getUuidId()));
            userCredentials.setAdditionalInfo(JacksonUtil.newObjectNode());
            this.userCredentialsDao.save(user.getTenantId(), userCredentials);
        }
        this.eventPublisher.publishEvent(SaveEntityEvent.builder().tenantId(tenantId == null ? TenantId.SYS_TENANT_ID : tenantId).entity(save).entityId(save.getId()).added(Boolean.valueOf(user.getId() == null)).build());
        return save;
    }

    public UserCredentials findUserCredentialsByUserId(TenantId tenantId, UserId userId) {
        log.trace("Executing findUserCredentialsByUserId [{}]", userId);
        Validator.validateId((UUIDBased) userId, "Incorrect userId " + userId);
        return this.userCredentialsDao.findByUserId(tenantId, userId.getId());
    }

    public UserCredentials findUserCredentialsByActivateToken(TenantId tenantId, String str) {
        log.trace("Executing findUserCredentialsByActivateToken [{}]", str);
        Validator.validateString(str, "Incorrect activateToken " + str);
        return this.userCredentialsDao.findByActivateToken(tenantId, str);
    }

    public UserCredentials findUserCredentialsByResetToken(TenantId tenantId, String str) {
        log.trace("Executing findUserCredentialsByResetToken [{}]", str);
        Validator.validateString(str, "Incorrect resetToken " + str);
        return this.userCredentialsDao.findByResetToken(tenantId, str);
    }

    public UserCredentials saveUserCredentials(TenantId tenantId, UserCredentials userCredentials) {
        log.trace("Executing saveUserCredentials [{}]", userCredentials);
        this.userCredentialsValidator.validate(userCredentials, userCredentials2 -> {
            return tenantId;
        });
        UserCredentials save = this.userCredentialsDao.save(tenantId, userCredentials);
        this.eventPublisher.publishEvent(ActionEntityEvent.builder().tenantId(tenantId).entityId(userCredentials.getUserId()).actionType(ActionType.CREDENTIALS_UPDATED).build());
        return save;
    }

    public UserCredentials activateUserCredentials(TenantId tenantId, String str, String str2) {
        log.trace("Executing activateUserCredentials activateToken [{}], password [{}]", str, str2);
        Validator.validateString(str, "Incorrect activateToken " + str);
        Validator.validateString(str2, "Incorrect password " + str2);
        UserCredentials findByActivateToken = this.userCredentialsDao.findByActivateToken(tenantId, str);
        if (findByActivateToken == null) {
            throw new IncorrectParameterException(String.format("Unable to find user credentials by activateToken [%s]", str));
        }
        if (findByActivateToken.isEnabled()) {
            throw new IncorrectParameterException("User credentials already activated");
        }
        findByActivateToken.setEnabled(true);
        findByActivateToken.setActivateToken((String) null);
        findByActivateToken.setPassword(str2);
        if (findByActivateToken.getPassword() != null) {
            updatePasswordHistory(findByActivateToken);
        }
        return saveUserCredentials(tenantId, findByActivateToken);
    }

    public UserCredentials requestPasswordReset(TenantId tenantId, String str) {
        log.trace("Executing requestPasswordReset email [{}]", str);
        DataValidator.validateEmail(str);
        User findUserByEmail = findUserByEmail(tenantId, str);
        if (findUserByEmail == null) {
            throw new UsernameNotFoundException(String.format("Unable to find user by email [%s]", str));
        }
        UserCredentials findByUserId = this.userCredentialsDao.findByUserId(tenantId, findUserByEmail.getUuidId());
        if (!findByUserId.isEnabled()) {
            throw new DisabledException(String.format("User credentials not enabled [%s]", str));
        }
        findByUserId.setResetToken(StringUtils.generateSafeToken(DEFAULT_TOKEN_LENGTH));
        return saveUserCredentials(tenantId, findByUserId);
    }

    public UserCredentials requestExpiredPasswordReset(TenantId tenantId, UserCredentialsId userCredentialsId) {
        UserCredentials findById = this.userCredentialsDao.findById(tenantId, userCredentialsId.getId());
        if (!findById.isEnabled()) {
            throw new IncorrectParameterException("Unable to reset password for inactive user");
        }
        findById.setResetToken(StringUtils.generateSafeToken(DEFAULT_TOKEN_LENGTH));
        return saveUserCredentials(tenantId, findById);
    }

    public UserCredentials replaceUserCredentials(TenantId tenantId, UserCredentials userCredentials) {
        log.trace("Executing replaceUserCredentials [{}]", userCredentials);
        this.userCredentialsValidator.validate(userCredentials, userCredentials2 -> {
            return tenantId;
        });
        this.userCredentialsDao.removeById(tenantId, userCredentials.getUuidId());
        userCredentials.setId((UUIDBased) null);
        if (userCredentials.getPassword() != null) {
            updatePasswordHistory(userCredentials);
        }
        UserCredentials save = this.userCredentialsDao.save(tenantId, userCredentials);
        this.eventPublisher.publishEvent(ActionEntityEvent.builder().tenantId(tenantId).entityId(userCredentials.getUserId()).actionType(ActionType.CREDENTIALS_UPDATED).build());
        return save;
    }

    @Transactional
    public void deleteUser(TenantId tenantId, User user) {
        Objects.requireNonNull(user, "User is null");
        EntityId id = user.getId();
        log.trace("[{}] Executing deleteUser [{}]", tenantId, id);
        Validator.validateId((UUIDBased) id, "Incorrect userId " + id);
        this.userCredentialsDao.removeById(tenantId, this.userCredentialsDao.findByUserId(tenantId, id.getId()).getUuidId());
        this.userAuthSettingsDao.removeByUserId(id);
        deleteEntityRelations(tenantId, id);
        this.userDao.removeById(tenantId, id.getId());
        this.eventPublisher.publishEvent(new UserCredentialsInvalidationEvent(id));
        this.countService.publishCountEntityEvictEvent(tenantId, EntityType.USER);
        this.eventPublisher.publishEvent(DeleteEntityEvent.builder().tenantId(tenantId).entityId(id).entity(user).build());
    }

    public PageData<User> findUsersByTenantId(TenantId tenantId, PageLink pageLink) {
        log.trace("Executing findUsersByTenantId, tenantId [{}], pageLink [{}]", tenantId, pageLink);
        Validator.validateId((UUIDBased) tenantId, "Incorrect tenantId " + tenantId);
        Validator.validatePageLink(pageLink);
        return this.userDao.findByTenantId(tenantId.getId(), pageLink);
    }

    public PageData<User> findTenantAdmins(TenantId tenantId, PageLink pageLink) {
        log.trace("Executing findTenantAdmins, tenantId [{}], pageLink [{}]", tenantId, pageLink);
        Validator.validateId((UUIDBased) tenantId, "Incorrect tenantId " + tenantId);
        Validator.validatePageLink(pageLink);
        return this.userDao.findTenantAdmins(tenantId.getId(), pageLink);
    }

    public PageData<User> findSysAdmins(PageLink pageLink) {
        return this.userDao.findAllByAuthority(Authority.SYS_ADMIN, pageLink);
    }

    public PageData<User> findAllTenantAdmins(PageLink pageLink) {
        return this.userDao.findAllByAuthority(Authority.TENANT_ADMIN, pageLink);
    }

    public PageData<User> findTenantAdminsByTenantsIds(List<TenantId> list, PageLink pageLink) {
        return this.userDao.findByAuthorityAndTenantsIds(Authority.TENANT_ADMIN, list, pageLink);
    }

    public PageData<User> findTenantAdminsByTenantProfilesIds(List<TenantProfileId> list, PageLink pageLink) {
        return this.userDao.findByAuthorityAndTenantProfilesIds(Authority.TENANT_ADMIN, list, pageLink);
    }

    public PageData<User> findAllUsers(PageLink pageLink) {
        return this.userDao.findAll(pageLink);
    }

    public void deleteTenantAdmins(TenantId tenantId) {
        log.trace("Executing deleteTenantAdmins, tenantId [{}]", tenantId);
        Validator.validateId((UUIDBased) tenantId, "Incorrect tenantId " + tenantId);
        this.tenantAdminsRemover.removeEntities(tenantId, tenantId);
    }

    public PageData<User> findCustomerUsers(TenantId tenantId, CustomerId customerId, PageLink pageLink) {
        log.trace("Executing findCustomerUsers, tenantId [{}], customerId [{}], pageLink [{}]", new Object[]{tenantId, customerId, pageLink});
        Validator.validateId((UUIDBased) tenantId, "Incorrect tenantId " + tenantId);
        Validator.validateId((UUIDBased) customerId, "Incorrect customerId " + customerId);
        Validator.validatePageLink(pageLink);
        return this.userDao.findCustomerUsers(tenantId.getId(), customerId.getId(), pageLink);
    }

    public PageData<User> findUsersByCustomerIds(TenantId tenantId, List<CustomerId> list, PageLink pageLink) {
        log.trace("Executing findTenantAndCustomerUsers, tenantId [{}], customerIds [{}], pageLink [{}]", new Object[]{tenantId, list, pageLink});
        Validator.validateId((UUIDBased) tenantId, "Incorrect tenantId " + tenantId);
        Validator.validatePageLink(pageLink);
        list.forEach(customerId -> {
            Validator.validateId((UUIDBased) customerId, "Incorrect customerId " + customerId);
        });
        return this.userDao.findUsersByCustomerIds(tenantId.getId(), list, pageLink);
    }

    public void deleteCustomerUsers(TenantId tenantId, CustomerId customerId) {
        log.trace("Executing deleteCustomerUsers, customerId [{}]", customerId);
        Validator.validateId((UUIDBased) tenantId, "Incorrect tenantId " + tenantId);
        Validator.validateId((UUIDBased) customerId, "Incorrect customerId " + customerId);
        this.customerUsersRemover.removeEntities(tenantId, customerId);
    }

    public void setUserCredentialsEnabled(TenantId tenantId, UserId userId, boolean z) {
        log.trace("Executing setUserCredentialsEnabled [{}], [{}]", userId, Boolean.valueOf(z));
        Validator.validateId((UUIDBased) userId, "Incorrect userId " + userId);
        UserCredentials findByUserId = this.userCredentialsDao.findByUserId(tenantId, userId.getId());
        findByUserId.setEnabled(z);
        saveUserCredentials(tenantId, findByUserId);
        User findUserById = findUserById(tenantId, userId);
        ObjectNode additionalInfo = findUserById.getAdditionalInfo();
        if (!(additionalInfo instanceof ObjectNode)) {
            additionalInfo = JacksonUtil.newObjectNode();
        }
        additionalInfo.put(USER_CREDENTIALS_ENABLED, z);
        findUserById.setAdditionalInfo(additionalInfo);
        if (z) {
            resetFailedLoginAttempts(findUserById);
        }
        this.userDao.save(findUserById.getTenantId(), findUserById);
    }

    public void resetFailedLoginAttempts(TenantId tenantId, UserId userId) {
        log.trace("Executing onUserLoginSuccessful [{}]", userId);
        User findUserById = findUserById(tenantId, userId);
        resetFailedLoginAttempts(findUserById);
        saveUser(tenantId, findUserById);
    }

    private void resetFailedLoginAttempts(User user) {
        ObjectNode additionalInfo = user.getAdditionalInfo();
        if (!(additionalInfo instanceof ObjectNode)) {
            additionalInfo = JacksonUtil.newObjectNode();
        }
        additionalInfo.put(FAILED_LOGIN_ATTEMPTS, 0);
        user.setAdditionalInfo(additionalInfo);
    }

    public void setLastLoginTs(TenantId tenantId, UserId userId) {
        User findUserById = findUserById(tenantId, userId);
        ObjectNode additionalInfo = findUserById.getAdditionalInfo();
        if (!(additionalInfo instanceof ObjectNode)) {
            additionalInfo = JacksonUtil.newObjectNode();
        }
        additionalInfo.put(LAST_LOGIN_TS, System.currentTimeMillis());
        findUserById.setAdditionalInfo(additionalInfo);
        saveUser(tenantId, findUserById);
    }

    public int increaseFailedLoginAttempts(TenantId tenantId, UserId userId) {
        log.trace("Executing onUserLoginIncorrectCredentials [{}]", userId);
        User findUserById = findUserById(tenantId, userId);
        int increaseFailedLoginAttempts = increaseFailedLoginAttempts(findUserById);
        saveUser(tenantId, findUserById);
        return increaseFailedLoginAttempts;
    }

    private int increaseFailedLoginAttempts(User user) {
        ObjectNode additionalInfo = user.getAdditionalInfo();
        if (!(additionalInfo instanceof ObjectNode)) {
            additionalInfo = JacksonUtil.newObjectNode();
        }
        int i = 0;
        if (additionalInfo.has(FAILED_LOGIN_ATTEMPTS)) {
            i = additionalInfo.get(FAILED_LOGIN_ATTEMPTS).asInt();
        }
        int i2 = i + 1;
        additionalInfo.put(FAILED_LOGIN_ATTEMPTS, i2);
        user.setAdditionalInfo(additionalInfo);
        return i2;
    }

    private void updatePasswordHistory(UserCredentials userCredentials) {
        ObjectNode additionalInfo = userCredentials.getAdditionalInfo();
        if (!(additionalInfo instanceof ObjectNode)) {
            additionalInfo = JacksonUtil.newObjectNode();
        }
        Map map = null;
        if (additionalInfo.has(USER_PASSWORD_HISTORY)) {
            map = (Map) JacksonUtil.convertValue(additionalInfo.get(USER_PASSWORD_HISTORY), new TypeReference<Map<String, String>>() { // from class: org.thingsboard.server.dao.user.UserServiceImpl.1
            });
        }
        if (map != null) {
            map.put(Long.toString(System.currentTimeMillis()), userCredentials.getPassword());
            additionalInfo.replace(USER_PASSWORD_HISTORY, JacksonUtil.valueToTree(map));
        } else {
            HashMap hashMap = new HashMap();
            hashMap.put(Long.toString(System.currentTimeMillis()), userCredentials.getPassword());
            additionalInfo.set(USER_PASSWORD_HISTORY, JacksonUtil.valueToTree(hashMap));
        }
        userCredentials.setAdditionalInfo(additionalInfo);
    }

    public Optional<HasId<?>> findEntity(TenantId tenantId, EntityId entityId) {
        return Optional.ofNullable(findUserById(tenantId, new UserId(entityId.getId())));
    }

    public long countByTenantId(TenantId tenantId) {
        return this.userDao.countByTenantId(tenantId).longValue();
    }

    public EntityType getEntityType() {
        return EntityType.USER;
    }

    @ConstructorProperties({"userDao", "userCredentialsDao", "userAuthSettingsDao", "userValidator", "userCredentialsValidator", "eventPublisher", "countService"})
    public UserServiceImpl(UserDao userDao, UserCredentialsDao userCredentialsDao, UserAuthSettingsDao userAuthSettingsDao, DataValidator<User> dataValidator, DataValidator<UserCredentials> dataValidator2, ApplicationEventPublisher applicationEventPublisher, EntityCountService entityCountService) {
        this.userDao = userDao;
        this.userCredentialsDao = userCredentialsDao;
        this.userAuthSettingsDao = userAuthSettingsDao;
        this.userValidator = dataValidator;
        this.userCredentialsValidator = dataValidator2;
        this.eventPublisher = applicationEventPublisher;
        this.countService = entityCountService;
    }
}
