package io.gravitee.am.management.handlers.management.api.resources.organizations.environments.domains;

import io.gravitee.am.management.handlers.management.api.model.ApplicationEntity;
import io.gravitee.am.management.handlers.management.api.model.PasswordValue;
import io.gravitee.am.management.handlers.management.api.model.StatusEntity;
import io.gravitee.am.management.handlers.management.api.model.UserEntity;
import io.gravitee.am.management.handlers.management.api.model.UsernameEntity;
import io.gravitee.am.management.handlers.management.api.resources.AbstractResource;
import io.gravitee.am.management.service.IdentityProviderManager;
import io.gravitee.am.management.service.IdentityProviderServiceProxy;
import io.gravitee.am.management.service.UserService;
import io.gravitee.am.model.Acl;
import io.gravitee.am.model.ReferenceType;
import io.gravitee.am.model.User;
import io.gravitee.am.model.permissions.Permission;
import io.gravitee.am.service.ApplicationService;
import io.gravitee.am.service.DomainService;
import io.gravitee.am.service.exception.DomainNotFoundException;
import io.gravitee.am.service.exception.UserNotFoundException;
import io.gravitee.am.service.model.UpdateUser;
import io.reactivex.rxjava3.core.Completable;
import io.reactivex.rxjava3.core.Maybe;
import io.reactivex.rxjava3.functions.Action;
import io.reactivex.rxjava3.functions.Consumer;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.Parameter;
import io.swagger.v3.oas.annotations.media.Content;
import io.swagger.v3.oas.annotations.media.Schema;
import io.swagger.v3.oas.annotations.responses.ApiResponse;
import io.swagger.v3.oas.annotations.responses.ApiResponses;
import jakarta.validation.Valid;
import jakarta.validation.constraints.NotNull;
import jakarta.ws.rs.BadRequestException;
import jakarta.ws.rs.Consumes;
import jakarta.ws.rs.DELETE;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.PATCH;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.PUT;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.PathParam;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.container.AsyncResponse;
import jakarta.ws.rs.container.ResourceContext;
import jakarta.ws.rs.container.Suspended;
import jakarta.ws.rs.core.Context;
import jakarta.ws.rs.core.Response;
import java.util.Objects;
import org.springframework.beans.factory.annotation.Autowired;

/* loaded from: input_file:io/gravitee/am/management/handlers/management/api/resources/organizations/environments/domains/UserResource.class */
public class UserResource extends AbstractResource {

    @Context
    private ResourceContext resourceContext;

    @Autowired
    private UserService userService;

    @Autowired
    private DomainService domainService;

    @Autowired
    private IdentityProviderServiceProxy identityProviderService;

    @Autowired
    private ApplicationService applicationService;

    @Autowired
    private IdentityProviderManager identityProviderManager;

    @Produces({"application/json"})
    @Operation(operationId = "findUser", summary = "Get a user", description = "User must have the DOMAIN_USER[READ] permission on the specified domain or DOMAIN_USER[READ] permission on the specified environment or DOMAIN_USER[READ] permission on the specified organization")
    @GET
    @ApiResponses({@ApiResponse(responseCode = "200", description = "User successfully fetched", content = {@Content(mediaType = "application/json", schema = @Schema(implementation = UserEntity.class))}), @ApiResponse(responseCode = "500", description = "Internal server error")})
    public void get(@PathParam("organizationId") String str, @PathParam("environmentId") String str2, @PathParam("domain") String str3, @PathParam("user") String str4, @Suspended AsyncResponse asyncResponse) {
        Maybe andThen = checkAnyPermission(str, str2, str3, Permission.DOMAIN_USER, Acl.READ).andThen(this.domainService.findById(str3).switchIfEmpty(Maybe.error(new DomainNotFoundException(str3))).flatMap(domain -> {
            return this.userService.findById(str4);
        }).switchIfEmpty(Maybe.error(new UserNotFoundException(str4))).flatMap(user -> {
            return (user.getReferenceType() != ReferenceType.DOMAIN || user.getReferenceId().equalsIgnoreCase(str3)) ? Maybe.just(new UserEntity(user)) : Maybe.error(new BadRequestException("User does not belong to domain"));
        }).flatMap(this::enhanceSourceIdentity).flatMap(this::enhanceLastIdentityUsed).flatMap(this::enhanceClient));
        Objects.requireNonNull(asyncResponse);
        Consumer consumer = (v1) -> {
            r1.resume(v1);
        };
        Objects.requireNonNull(asyncResponse);
        andThen.subscribe(consumer, asyncResponse::resume);
    }

    @Produces({"application/json"})
    @Operation(operationId = "updateUser", summary = "Update a user", description = "User must have the DOMAIN_USER[UPDATE] permission on the specified domain or DOMAIN_USER[UPDATE] permission on the specified environment or DOMAIN_USER[UPDATE] permission on the specified organization")
    @PUT
    @Consumes({"application/json"})
    @ApiResponses({@ApiResponse(responseCode = "201", description = "User successfully updated", content = {@Content(mediaType = "application/json", schema = @Schema(implementation = User.class))}), @ApiResponse(responseCode = "500", description = "Internal server error")})
    public void updateUser(@PathParam("organizationId") String str, @PathParam("environmentId") String str2, @PathParam("domain") String str3, @PathParam("user") String str4, @Parameter(name = "user", required = true) @Valid @NotNull UpdateUser updateUser, @Suspended AsyncResponse asyncResponse) {
        io.gravitee.am.identityprovider.api.User authenticatedUser = getAuthenticatedUser();
        Maybe andThen = checkAnyPermission(str, str2, str3, Permission.DOMAIN_USER, Acl.UPDATE).andThen(this.domainService.findById(str3).switchIfEmpty(Maybe.error(new DomainNotFoundException(str3))).flatMapSingle(domain -> {
            return this.userService.update(ReferenceType.DOMAIN, str3, str4, updateUser, authenticatedUser);
        }).map(UserEntity::new));
        Objects.requireNonNull(asyncResponse);
        Consumer consumer = (v1) -> {
            r1.resume(v1);
        };
        Objects.requireNonNull(asyncResponse);
        andThen.subscribe(consumer, asyncResponse::resume);
    }

    @Produces({"application/json"})
    @Operation(operationId = "updateUserStatus", summary = "Update a user status", description = "User must have the DOMAIN_USER[UPDATE] permission on the specified domain or DOMAIN_USER[UPDATE] permission on the specified environment or DOMAIN_USER[UPDATE] permission on the specified organization")
    @PUT
    @Path("/status")
    @Consumes({"application/json"})
    @ApiResponses({@ApiResponse(responseCode = "201", description = "User status successfully updated", content = {@Content(mediaType = "application/json", schema = @Schema(implementation = User.class))}), @ApiResponse(responseCode = "500", description = "Internal server error")})
    public void updateUserStatus(@PathParam("organizationId") String str, @PathParam("environmentId") String str2, @PathParam("domain") String str3, @PathParam("user") String str4, @Parameter(name = "status", required = true) @Valid @NotNull StatusEntity statusEntity, @Suspended AsyncResponse asyncResponse) {
        io.gravitee.am.identityprovider.api.User authenticatedUser = getAuthenticatedUser();
        Maybe andThen = checkAnyPermission(str, str2, str3, Permission.DOMAIN_USER, Acl.UPDATE).andThen(this.domainService.findById(str3).switchIfEmpty(Maybe.error(new DomainNotFoundException(str3))).flatMapSingle(domain -> {
            return this.userService.updateStatus(str3, str4, statusEntity.isEnabled(), authenticatedUser);
        }));
        Objects.requireNonNull(asyncResponse);
        Consumer consumer = (v1) -> {
            r1.resume(v1);
        };
        Objects.requireNonNull(asyncResponse);
        andThen.subscribe(consumer, asyncResponse::resume);
    }

    @Produces({"application/json"})
    @Operation(operationId = "updateUsername", summary = "Update a user username", description = "User must have the DOMAIN_USER[UPDATE] permission on the specified domain or DOMAIN_USER[UPDATE] permission on the specified environment or DOMAIN_USER[UPDATE] permission on the specified organization")
    @PATCH
    @Path("/username")
    @Consumes({"application/json"})
    @ApiResponses({@ApiResponse(responseCode = "201", description = "User username successfully updated", content = {@Content(mediaType = "application/json", schema = @Schema(implementation = User.class))}), @ApiResponse(responseCode = "500", description = "Internal server error")})
    public void updateUsername(@PathParam("organizationId") String str, @PathParam("environmentId") String str2, @PathParam("domain") String str3, @PathParam("user") String str4, @Parameter(name = "username", required = true) @Valid @NotNull UsernameEntity usernameEntity, @Suspended AsyncResponse asyncResponse) {
        io.gravitee.am.identityprovider.api.User authenticatedUser = getAuthenticatedUser();
        Maybe andThen = checkAnyPermission(str, str2, str3, Permission.DOMAIN_USER, Acl.UPDATE).andThen(this.domainService.findById(str3).switchIfEmpty(Maybe.error(new DomainNotFoundException(str3))).flatMapSingle(domain -> {
            return this.userService.updateUsername(ReferenceType.DOMAIN, str3, str4, usernameEntity.getUsername().trim(), authenticatedUser);
        }));
        Objects.requireNonNull(asyncResponse);
        Consumer consumer = (v1) -> {
            r1.resume(v1);
        };
        Objects.requireNonNull(asyncResponse);
        andThen.subscribe(consumer, asyncResponse::resume);
    }

    @DELETE
    @Operation(operationId = "deleteUser", summary = "Delete a user", description = "User must have the DOMAIN_USER[DELETE] permission on the specified domain or DOMAIN_USER[DELETE] permission on the specified environment or DOMAIN_USER[DELETE] permission on the specified organization")
    @ApiResponses({@ApiResponse(responseCode = "204", description = "User successfully deleted"), @ApiResponse(responseCode = "500", description = "Internal server error")})
    public void delete(@PathParam("organizationId") String str, @PathParam("environmentId") String str2, @PathParam("domain") String str3, @PathParam("user") String str4, @Suspended AsyncResponse asyncResponse) {
        io.gravitee.am.identityprovider.api.User authenticatedUser = getAuthenticatedUser();
        Completable andThen = checkAnyPermission(str, str2, str3, Permission.DOMAIN_USER, Acl.DELETE).andThen(this.domainService.findById(str3).switchIfEmpty(Maybe.error(new DomainNotFoundException(str3))).flatMapCompletable(domain -> {
            return this.userService.delete(ReferenceType.DOMAIN, str3, str4, authenticatedUser);
        }));
        Action action = () -> {
            asyncResponse.resume(Response.noContent().build());
        };
        Objects.requireNonNull(asyncResponse);
        andThen.subscribe(action, asyncResponse::resume);
    }

    @Operation(operationId = "resetPassword", summary = "Reset password", description = "User must have the DOMAIN_USER[UPDATE] permission on the specified domain or DOMAIN_USER[UPDATE] permission on the specified environment or DOMAIN_USER[UPDATE] permission on the specified organization")
    @POST
    @Path("resetPassword")
    @ApiResponses({@ApiResponse(responseCode = "200", description = "Password reset"), @ApiResponse(responseCode = "500", description = "Internal server error")})
    public void resetPassword(@PathParam("organizationId") String str, @PathParam("environmentId") String str2, @PathParam("domain") String str3, @PathParam("user") String str4, @Parameter(name = "password", required = true) @Valid @NotNull PasswordValue passwordValue, @Suspended AsyncResponse asyncResponse) {
        io.gravitee.am.identityprovider.api.User authenticatedUser = getAuthenticatedUser();
        Completable andThen = checkAnyPermission(str, str2, str3, Permission.DOMAIN_USER, Acl.UPDATE).andThen(this.domainService.findById(str3).switchIfEmpty(Maybe.error(new DomainNotFoundException(str3))).flatMapCompletable(domain -> {
            return this.userService.resetPassword(domain, str4, passwordValue.getPassword(), authenticatedUser);
        }));
        Action action = () -> {
            asyncResponse.resume(Response.noContent().build());
        };
        Objects.requireNonNull(asyncResponse);
        andThen.subscribe(action, asyncResponse::resume);
    }

    @Operation(operationId = "sendRegistrationConfirmation", summary = "Send registration confirmation email", description = "User must have the DOMAIN_USER[UPDATE] permission on the specified domain or DOMAIN_USER[UPDATE] permission on the specified environment or DOMAIN_USER[UPDATE] permission on the specified organization")
    @POST
    @Path("sendRegistrationConfirmation")
    @ApiResponses({@ApiResponse(responseCode = "200", description = "Email sent"), @ApiResponse(responseCode = "500", description = "Internal server error")})
    public void sendRegistrationConfirmation(@PathParam("organizationId") String str, @PathParam("environmentId") String str2, @PathParam("domain") String str3, @PathParam("user") String str4, @Suspended AsyncResponse asyncResponse) {
        Completable andThen = checkAnyPermission(str, str2, str3, Permission.DOMAIN_USER, Acl.UPDATE).andThen(this.userService.sendRegistrationConfirmation(str3, str4, getAuthenticatedUser()));
        Action action = () -> {
            asyncResponse.resume(Response.noContent().build());
        };
        Objects.requireNonNull(asyncResponse);
        andThen.subscribe(action, asyncResponse::resume);
    }

    @Operation(operationId = "lockUser", summary = "Lock a user", description = "User must have the DOMAIN_USER[UPDATE] permission on the specified domain or DOMAIN_USER[UPDATE] permission on the specified environment or DOMAIN_USER[UPDATE] permission on the specified organization")
    @POST
    @Path("lock")
    @ApiResponses({@ApiResponse(responseCode = "204", description = "User locked"), @ApiResponse(responseCode = "500", description = "Internal server error")})
    public void lockUser(@PathParam("organizationId") String str, @PathParam("environmentId") String str2, @PathParam("domain") String str3, @PathParam("user") String str4, @Suspended AsyncResponse asyncResponse) {
        io.gravitee.am.identityprovider.api.User authenticatedUser = getAuthenticatedUser();
        Completable andThen = checkAnyPermission(str, str2, str3, Permission.DOMAIN_USER, Acl.UPDATE).andThen(this.domainService.findById(str3).switchIfEmpty(Maybe.error(new DomainNotFoundException(str3))).flatMapCompletable(domain -> {
            return this.userService.lock(ReferenceType.DOMAIN, str3, str4, authenticatedUser);
        }));
        Action action = () -> {
            asyncResponse.resume(Response.noContent().build());
        };
        Objects.requireNonNull(asyncResponse);
        andThen.subscribe(action, asyncResponse::resume);
    }

    @Operation(operationId = "unlockUser", summary = "Unlock a user", description = "User must have the DOMAIN_USER[UPDATE] permission on the specified domain or DOMAIN_USER[UPDATE] permission on the specified environment or DOMAIN_USER[UPDATE] permission on the specified organization")
    @POST
    @Path("unlock")
    @ApiResponses({@ApiResponse(responseCode = "204", description = "User unlocked"), @ApiResponse(responseCode = "500", description = "Internal server error")})
    public void unlockUser(@PathParam("organizationId") String str, @PathParam("environmentId") String str2, @PathParam("domain") String str3, @PathParam("user") String str4, @Suspended AsyncResponse asyncResponse) {
        io.gravitee.am.identityprovider.api.User authenticatedUser = getAuthenticatedUser();
        Completable andThen = checkAnyPermission(str, str2, str3, Permission.DOMAIN_USER, Acl.UPDATE).andThen(this.domainService.findById(str3).switchIfEmpty(Maybe.error(new DomainNotFoundException(str3))).flatMapCompletable(domain -> {
            return this.userService.unlock(ReferenceType.DOMAIN, str3, str4, authenticatedUser);
        }));
        Action action = () -> {
            asyncResponse.resume(Response.noContent().build());
        };
        Objects.requireNonNull(asyncResponse);
        andThen.subscribe(action, asyncResponse::resume);
    }

    @Path("consents")
    public UserConsentsResource getUserConsentsResource() {
        return (UserConsentsResource) this.resourceContext.getResource(UserConsentsResource.class);
    }

    @Path("roles")
    public UserRolesResource getUserRolesResource() {
        return (UserRolesResource) this.resourceContext.getResource(UserRolesResource.class);
    }

    @Path("factors")
    public UserFactorsResource getUserFactorsResource() {
        return (UserFactorsResource) this.resourceContext.getResource(UserFactorsResource.class);
    }

    @Path("credentials")
    public UserCredentialsResource getUserCredentialsResource() {
        return (UserCredentialsResource) this.resourceContext.getResource(UserCredentialsResource.class);
    }

    @Path("devices")
    public DevicesResource getUserDevicesResource() {
        return (DevicesResource) this.resourceContext.getResource(DevicesResource.class);
    }

    @Path("audits")
    public UserAuditsResource getUserAuditsResource() {
        return (UserAuditsResource) this.resourceContext.getResource(UserAuditsResource.class);
    }

    @Path("identities")
    public UserIdentitiesResource getUserIdentitiesResource() {
        return (UserIdentitiesResource) this.resourceContext.getResource(UserIdentitiesResource.class);
    }

    private Maybe<UserEntity> enhanceSourceIdentity(UserEntity userEntity) {
        return userEntity.getSource() == null ? Maybe.just(userEntity) : this.identityProviderService.findById(userEntity.getSource()).flatMap(identityProvider -> {
            userEntity.setSource(identityProvider.getName());
            userEntity.setInternal(false);
            return this.identityProviderManager.getUserProvider(userEntity.getSourceId()).map(userProvider -> {
                userEntity.setInternal(true);
                return userEntity;
            }).defaultIfEmpty(userEntity).toMaybe();
        }).defaultIfEmpty(userEntity).toMaybe();
    }

    private Maybe<UserEntity> enhanceLastIdentityUsed(UserEntity userEntity) {
        if (userEntity.getLastIdentityUsed() == null) {
            return Maybe.just(userEntity);
        }
        if (!userEntity.getLastIdentityUsed().equals(userEntity.getSourceId())) {
            return this.identityProviderService.findById(userEntity.getLastIdentityUsed()).map(identityProvider -> {
                userEntity.setLastIdentityUsed(identityProvider.getName());
                return userEntity;
            }).defaultIfEmpty(userEntity).toMaybe();
        }
        userEntity.setLastIdentityUsed(userEntity.getSource());
        return Maybe.just(userEntity);
    }

    private Maybe<UserEntity> enhanceClient(UserEntity userEntity) {
        return userEntity.getClient() != null ? this.applicationService.findById(userEntity.getClient()).switchIfEmpty(Maybe.defer(() -> {
            return this.applicationService.findByDomainAndClientId(userEntity.getReferenceId(), userEntity.getClient());
        })).map(application -> {
            userEntity.setApplicationEntity(new ApplicationEntity(application));
            return userEntity;
        }).defaultIfEmpty(userEntity).toMaybe() : Maybe.just(userEntity);
    }
}
