package org.squashtest.tm.plugin.openid.connect.service;

import jakarta.inject.Inject;
import java.util.ArrayList;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken;
import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
import org.springframework.security.provisioning.UserDetailsManager;
import org.springframework.stereotype.Service;
import org.squashtest.tm.domain.users.User;
import org.squashtest.tm.exception.user.LoginAlreadyExistsException;
import org.squashtest.tm.service.security.OidcUserCreatorService;
import org.squashtest.tm.service.user.UserAdministrationService;

@Service
/* loaded from: input_file:org/squashtest/tm/plugin/openid/connect/service/OidcUserCreatorServiceImpl.class */
public class OidcUserCreatorServiceImpl implements OidcUserCreatorService {
    private static final Logger LOGGER = LoggerFactory.getLogger(OidcUserCreatorServiceImpl.class);

    @Inject
    private UserAdministrationService userAdministrationService;

    @Inject
    private UserDetailsManager userDetailsManager;

    public void createMissingSquashUser(Authentication authentication) {
        try {
            this.userAdministrationService.checkLoginAvailability(authentication.getName());
            createUserFromPrincipal(authentication);
        } catch (LoginAlreadyExistsException e) {
            LOGGER.info("Authenticated principal matches an existing User, no new user will be created.", e);
        }
    }

    private void createUserFromPrincipal(Authentication authentication) {
        try {
            createUserAccount(authentication);
            createSpringSecAccount(authentication);
        } catch (LoginAlreadyExistsException e) {
            LOGGER.warn("Something went wrong while trying to create missing authenticated user", e);
        }
    }

    private void createUserAccount(Authentication authentication) {
        User createFromLogin = User.createFromLogin(authentication.getName().trim());
        if (authentication instanceof OAuth2LoginAuthenticationToken) {
            populateExtraAccountInformationFromOAuth2Token((OAuth2LoginAuthenticationToken) authentication, createFromLogin);
        }
        this.userAdministrationService.createUserWithoutCredentials(createFromLogin, "squashtest.authz.group.tm.User");
    }

    private void populateExtraAccountInformationFromOAuth2Token(OAuth2LoginAuthenticationToken oAuth2LoginAuthenticationToken, User user) {
        DefaultOidcUser principal = oAuth2LoginAuthenticationToken.getPrincipal();
        if (principal.hasClaim("email") && principal.getEmail() != null && !principal.getEmail().isBlank()) {
            user.setEmail(principal.getEmail());
        }
        String str = (String) principal.getAttribute("name");
        if (str == null || str.isBlank()) {
            return;
        }
        user.setLastName(str);
    }

    private void createSpringSecAccount(Authentication authentication) {
        this.userDetailsManager.createUser(new org.springframework.security.core.userdetails.User(authentication.getName().trim(), "", new ArrayList()));
    }
}
