package org.squashtest.tm.service.internal.user;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import javax.inject.Inject;
import org.jooq.DSLContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import org.squashtest.csp.core.bugtracker.core.BugTrackerNoCredentialsException;
import org.squashtest.tm.api.security.acls.Roles;
import org.squashtest.tm.domain.UnauthorizedPasswordChange;
import org.squashtest.tm.domain.bugtracker.BugTracker;
import org.squashtest.tm.domain.milestone.Milestone;
import org.squashtest.tm.domain.servers.Credentials;
import org.squashtest.tm.domain.users.Party;
import org.squashtest.tm.domain.users.User;
import org.squashtest.tm.exception.WrongPasswordException;
import org.squashtest.tm.exception.WrongStringSizeException;
import org.squashtest.tm.security.UserContextHolder;
import org.squashtest.tm.service.bugtracker.BugTrackerFinderService;
import org.squashtest.tm.service.bugtracker.BugTrackersService;
import org.squashtest.tm.service.internal.display.grid.GridRequest;
import org.squashtest.tm.service.internal.display.grid.GridResponse;
import org.squashtest.tm.service.internal.display.grid.useraccount.PersonalApiTokenGrid;
import org.squashtest.tm.service.internal.dto.UserDto;
import org.squashtest.tm.service.internal.repository.ApiTokenDao;
import org.squashtest.tm.service.internal.repository.BugTrackerDao;
import org.squashtest.tm.service.internal.repository.TeamDao;
import org.squashtest.tm.service.internal.repository.UserDao;
import org.squashtest.tm.service.project.CustomGenericProjectManager;
import org.squashtest.tm.service.project.CustomProjectFinder;
import org.squashtest.tm.service.project.ProjectsPermissionManagementService;
import org.squashtest.tm.service.security.Authorizations;
import org.squashtest.tm.service.security.PermissionEvaluationService;
import org.squashtest.tm.service.security.UserAuthenticationService;
import org.squashtest.tm.service.security.UserContextService;
import org.squashtest.tm.service.security.acls.model.ObjectAclService;
import org.squashtest.tm.service.servers.ManageableCredentials;
import org.squashtest.tm.service.servers.StoredCredentialsManager;
import org.squashtest.tm.service.user.TeamModificationService;
import org.squashtest.tm.service.user.UserAccountService;
import org.squashtest.tm.service.user.UserManagerService;
import org.squashtest.tm.web.backend.controller.connection.logs.ConnectionLogsController;

@Transactional
@Service("squashtest.tm.service.UserAccountService")
/* loaded from: input_file:WEB-INF/lib/tm.service-7.4.1.RELEASE.jar:org/squashtest/tm/service/internal/user/UserAccountServiceImpl.class */
public class UserAccountServiceImpl implements UserAccountService {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) UserAccountServiceImpl.class);
    private static final List<String> JIRA_BUGTRACKER_KINDS = Arrays.asList("jira.xsquash", "jira.rest", "jira.cloud");

    @Inject
    private UserDao userDao;

    @Inject
    private UserContextService userContextService;

    @Inject
    private UserAuthenticationService authService;

    @Inject
    private CustomGenericProjectManager customGenericProjectManager;

    @Inject
    private TeamModificationService teamModificationService;

    @Inject
    private ProjectsPermissionManagementService projectsPermissionManagementService;

    @Inject
    private UserManagerService userManager;

    @Inject
    private PermissionEvaluationService permissionEvaluationService;

    @Inject
    private TeamDao teamDao;

    @Inject
    private BugTrackerFinderService bugTrackerFinder;

    @Inject
    private StoredCredentialsManager storedCredentialsManager;

    @Inject
    private BugTrackerDao bugTrackerDao;

    @Inject
    private BugTrackersService bugTrackerService;

    @Inject
    private ObjectAclService aclService;

    @Inject
    private CustomProjectFinder customProjectFinder;

    @Inject
    private ApiTokenDao apiTokenDao;

    @Inject
    private DSLContext dsl;

    @Override // org.squashtest.tm.service.user.UserAccountService
    public void modifyUserFirstName(long j, String str) {
        User one = this.userDao.getOne(Long.valueOf(j));
        checkPermissions(one);
        one.setFirstName(str);
    }

    @Override // org.squashtest.tm.service.user.UserAccountService
    public void modifyUserLastName(long j, String str) {
        User one = this.userDao.getOne(Long.valueOf(j));
        checkPermissions(one);
        one.setLastName(str);
    }

    @Override // org.squashtest.tm.service.user.UserAccountService
    public void modifyUserLogin(long j, String str) {
        String trim = str.trim();
        User one = this.userDao.getOne(Long.valueOf(j));
        if (trim.equals(one.getLogin())) {
            LOGGER.trace("no change of user login because old and new are the same");
            return;
        }
        LOGGER.debug("change login for user " + one.getLogin() + " to " + trim);
        checkPermissions(one);
        this.userManager.checkLoginAvailability(trim);
        checkMaxLength(trim);
        this.authService.changeUserlogin(trim, one.getLogin());
        one.setLogin(trim);
        this.aclService.updateDerivedPermissions(j);
    }

    private void checkMaxLength(String str) {
        if (str.length() > 100) {
            throw new WrongStringSizeException(ConnectionLogsController.ExportFileBuilder.LOGIN_KEY, 0, 100);
        }
    }

    @Override // org.squashtest.tm.service.user.UserAccountService
    public void modifyUserEmail(long j, String str) {
        User one = this.userDao.getOne(Long.valueOf(j));
        checkPermissions(one);
        one.setEmail(str);
    }

    @Override // org.squashtest.tm.service.user.UserAccountService
    @Transactional(readOnly = true)
    public User findCurrentUser() {
        return this.userDao.findUserByLogin(this.userContextService.getUsername());
    }

    @Override // org.squashtest.tm.service.user.UserAccountService
    public UserDto findCurrentUserDto() {
        String username = UserContextHolder.getUsername();
        Long findUserId = this.userDao.findUserId(username);
        return new UserDto(username, findUserId, new ArrayList(this.teamDao.findTeamIds(findUserId)), this.permissionEvaluationService.hasRole(Roles.ROLE_ADMIN));
    }

    @Override // org.squashtest.tm.service.user.UserAccountService
    public void setCurrentUserEmail(String str) {
        this.userDao.findUserByLogin(this.userContextService.getUsername()).setEmail(str);
    }

    @Override // org.squashtest.tm.service.user.UserAccountService
    @Transactional(readOnly = true)
    public Party getParty(Long l) {
        return this.customGenericProjectManager.findPartyById(l.longValue());
    }

    @Override // org.squashtest.tm.service.user.UserAccountService
    public void setCurrentUserPassword(String str, String str2) {
        internalSetCurrentUserPassword(() -> {
            this.authService.changeAuthenticatedUserPassword(str, str2);
        });
    }

    @Override // org.squashtest.tm.service.user.UserAccountService
    public void setCurrentUserPassword(String str) {
        internalSetCurrentUserPassword(() -> {
            this.authService.resetAuthenticatedUserPassword(str);
        });
    }

    private void internalSetCurrentUserPassword(Runnable runnable) {
        if (!this.authService.canModifyUser()) {
            throw new UnauthorizedPasswordChange("The authentication service do not allow users to change their passwords using Squash");
        }
        try {
            runnable.run();
        } catch (BadCredentialsException e) {
            throw new WrongPasswordException("wrong password", e);
        }
    }

    @Override // org.squashtest.tm.service.user.UserAccountService
    public boolean hasCurrentUserPasswordDefined() {
        return this.authService.hasAuthenticatedUserLocalPassword();
    }

    @Override // org.squashtest.tm.service.user.UserAccountService
    public void updateUserLastConnectionDate() {
        User findCurrentUser = findCurrentUser();
        findCurrentUser.setSkipModifyAudit(true);
        findCurrentUser.setLastConnectedOn(new Date());
    }

    @Override // org.squashtest.tm.service.user.UserAccountService
    public List<BugTracker> findAllUserBugTracker() {
        return this.bugTrackerFinder.findDistinctBugTrackersForProjectWithOtherJiraBt(this.customProjectFinder.findAllReadableIds(), JIRA_BUGTRACKER_KINDS);
    }

    @Override // org.squashtest.tm.service.user.UserAccountService
    public void saveCurrentUserCredentials(long j, ManageableCredentials manageableCredentials) {
        if (!manageableCredentials.allowsUserLevelStorage()) {
            throw new IllegalArgumentException("Refused to store credentials of type '" + manageableCredentials.getImplementedProtocol() + "' : business rules forbid to store such credentials as application-level credentials");
        }
        this.storedCredentialsManager.storeCurrentUserCredentials(j, manageableCredentials);
    }

    @Override // org.squashtest.tm.service.user.UserAccountService
    @PreAuthorize(Authorizations.HAS_ROLE_ADMIN)
    public void deactivateUser(long j) {
        this.userDao.getOne(Long.valueOf(j)).setActive(false);
        deleteAllApiTokens(j);
    }

    @Override // org.squashtest.tm.service.user.UserAccountService
    @PreAuthorize(Authorizations.HAS_ROLE_ADMIN)
    public void activateUser(long j) {
        this.userDao.getOne(Long.valueOf(j)).setActive(true);
    }

    @Override // org.squashtest.tm.service.user.UserAccountService
    public void deleteUser(long j) {
        unassignUserFromAllTestPlan(j);
        this.teamModificationService.removeMemberFromAllTeams(j);
        this.projectsPermissionManagementService.removeProjectPermissionForAllProjects(j);
        this.storedCredentialsManager.deleteAllUserCredentials(j);
        deleteAllApiTokens(j);
    }

    private void unassignUserFromAllTestPlan(long j) {
        this.userDao.unassignFromAllCampaignTestPlan(j);
        this.userDao.unassignFromAllIterationTestPlan(j);
        this.userDao.unassignFromAllExploratoryExecutions(j);
    }

    private void deleteAllApiTokens(long j) {
        this.apiTokenDao.deleteAllByUserId(j);
    }

    @Override // org.squashtest.tm.service.user.UserAccountService
    public Collection<Milestone> findAllMilestonesForUser(long j) {
        return Collections.emptyList();
    }

    private void checkPermissions(User user) {
        if (!user.getLogin().equals(this.userContextService.getUsername()) && !this.userContextService.hasRole(Roles.ROLE_ADMIN)) {
            throw new AccessDeniedException("Access is denied");
        }
    }

    @Override // org.squashtest.tm.service.user.UserAccountService
    public void testCurrentUserCredentials(long j, ManageableCredentials manageableCredentials) {
        String username = this.userContextService.getUsername();
        BugTracker one = this.bugTrackerDao.getOne(Long.valueOf(j));
        Credentials build = manageableCredentials.build(this.storedCredentialsManager, one, username);
        if (build == null) {
            throw new BugTrackerNoCredentialsException("credentials could not be built, either because the credentials themselves are not suitable, or because the protocol configuration is incomplete/invalid", null);
        }
        this.bugTrackerService.testCredentials(one, build);
    }

    @Override // org.squashtest.tm.service.user.UserAccountService
    public void deleteCurrentUserCredentials(long j) {
        this.storedCredentialsManager.deleteUserCredentials(j, this.userContextService.getUsername());
    }

    @Override // org.squashtest.tm.service.user.UserAccountService
    public GridResponse findPersonalApiTokens(GridRequest gridRequest) {
        return new PersonalApiTokenGrid(findCurrentUser().getId()).getRows(gridRequest, this.dsl);
    }
}
