package edu.harvard.catalyst.scheduler.service;

import com.Ostermiller.util.RandPass;
import com.google.common.base.Joiner;
import com.google.common.collect.Lists;
import edu.harvard.catalyst.hccrc.core.util.ListUtils;
import edu.harvard.catalyst.scheduler.core.Statics;
import edu.harvard.catalyst.scheduler.dto.BooleanResultDTO;
import edu.harvard.catalyst.scheduler.dto.LoginDTO;
import edu.harvard.catalyst.scheduler.dto.PasswordResetDTO;
import edu.harvard.catalyst.scheduler.dto.SearchDTO;
import edu.harvard.catalyst.scheduler.dto.UserDTO;
import edu.harvard.catalyst.scheduler.dto.response.GetUsersResponse;
import edu.harvard.catalyst.scheduler.dto.response.UserDataResponse;
import edu.harvard.catalyst.scheduler.dto.response.UserDetailResponse;
import edu.harvard.catalyst.scheduler.entity.Institution;
import edu.harvard.catalyst.scheduler.entity.InstitutionRole;
import edu.harvard.catalyst.scheduler.entity.InstitutionRoleType;
import edu.harvard.catalyst.scheduler.entity.Role;
import edu.harvard.catalyst.scheduler.entity.User;
import edu.harvard.catalyst.scheduler.persistence.AuthDAO;
import edu.harvard.catalyst.scheduler.persistence.ResourceDAO;
import edu.harvard.catalyst.scheduler.persistence.StudyDAO;
import edu.harvard.catalyst.scheduler.security.SchedulerUserDetails;
import edu.harvard.catalyst.scheduler.util.MailHandler;
import edu.harvard.catalyst.scheduler.util.MailMessageBuilder;
import edu.harvard.catalyst.scheduler.util.MiscUtil;
import edu.harvard.catalyst.scheduler.util.OneWayPasswordEncoder;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.List;
import java.util.Random;
import java.util.UUID;
import java.util.function.Function;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.mail.SimpleMailMessage;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.DisabledException;
import org.springframework.stereotype.Component;

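/**
 * Account lifecycle service: authentication, self-registration, admin-driven user
 * creation and update, password change/reset, and activation toggling.
 *
 * <p>This listing is decompiler output (see the JADX markers below), so parameter names such as
 * {@code str}/{@code str2} are synthetic and their meaning is only documented where the body
 * makes it evident.
 *
 * <p>Security-relevant behaviour to keep in mind when reading or changing this class:
 * <ul>
 *   <li>User-supplied names, ids and URLs are interpolated into HTML mail bodies; they are passed
 *       through {@link #escapeHtml(Object)} first.</li>
 *   <li>Passwords are stored via {@code OneWayPasswordEncoder} with a per-user random UUID salt.
 *       NOTE(review): the encoder's algorithm is not visible here; confirm it is a slow,
 *       password-specific hash rather than a bare digest.</li>
 *   <li>No method here checks that the acting user is allowed to perform the operation;
 *       presumably that is enforced by the calling layer; verify against callers.</li>
 * </ul>
 */
@Component
/* loaded from: input_file:WEB-INF/lib/scheduler-core-3.7.2.jar:edu/harvard/catalyst/scheduler/service/AuthService.class */
public class AuthService implements ServiceHelpers {
    private final MailHandler mailHandler;
    private final AuthDAO authDAO;
    private final StudyDAO studyDAO;
    private final ResourceDAO resourceDAO;
    private final AuditService auditService;
    private static final Logger LOGGER = Logger.getLogger(AuthService.class);
    private static final int MIN_PASSWORD_LENGTH = 8;
    // Number of characters requested from RandPass; one special character is appended afterwards.
    private static final int GENERATED_PASSWORD_RANDOM_CHARS = 8;
    private static final String PASSWORD_SPECIAL_CHARS = "$%!@#^&?";
    // Shared CSPRNG for anything that ends up inside a credential.
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();
    // Password-policy character classes, compiled once instead of on every call.
    private static final Pattern LOWERCASE = Pattern.compile("[a-z]+");
    private static final Pattern UPPERCASE = Pattern.compile("[A-Z]+");
    private static final Pattern DIGIT = Pattern.compile("\\d+");
    private static final Pattern PUNCTUATION = Pattern.compile("\\p{Punct}+");
    // NOTE: "%1s", "%2s", ... in the templates below are width specifiers, not positional
    // ("%1$s") ones; String.format consumes the arguments strictly in order.
    static final String NEW_USER_MESSAGE_START = "\n<html><head><title>%1s</title><style></style>\n</head>\n<body><p>Welcome to the CRC Scheduler.</p>\n<p><strong>%2s %3s,<strong></p>\n";
    static final String NEW_USER_MESSAGE_OPTIONAL_MIDDLE = "<p>You will have access to the system once approved by the Super Admin. Please wait for the final confirmation.</p>\n ";
    static final String NEW_USER_MESSAGE_END = "<p> You can go to %4s and click on the \"forgot password\" link to create a new random password.</p>\n <p>This will be emailed to you and then you may change your password once you have logged in.</p>\n</body>\n</html>\n";
    static final String MAIL_ADMIN_MESSAGE = "<html><head><title></title><style></style></head><body><p><strong>%1s %2s has registered.<strong></p>\n <p> You can go to %3s and activate the user.</p>\n<p>The user will be notified of their access to the system once the account is activated.</p>\n</body>\n</html>\n";

    @Autowired
    public AuthService(AuthDAO authDAO, StudyDAO studyDAO, ResourceDAO resourceDAO, AuditService auditService, MailHandler mailHandler) {
        this.authDAO = authDAO;
        this.studyDAO = studyDAO;
        this.resourceDAO = resourceDAO;
        this.auditService = auditService;
        this.mailHandler = mailHandler;
    }

    /** No-collaborator constructor; every dependency is {@code null}. */
    AuthService() {
        this(null, null, null, null, null);
    }

    /**
     * Neutralises HTML metacharacters in a value that is about to be placed in element content
     * of a mail body. Only {@code &}, {@code <} and {@code >} are rewritten, so ordinary names
     * (including ones with apostrophes) are unchanged. {@code null} becomes {@code "null"},
     * matching what string concatenation produced before escaping was added.
     *
     * <p>NOTE(review): assumes MailHandler delivers these bodies as HTML; confirm.
     */
    private static String escapeHtml(Object value) {
        return String.valueOf(value)
                .replace("&", "&amp;")
                .replace("<", "&lt;")
                .replace(">", "&gt;");
    }

    /**
     * Replaces CR/LF with spaces so user-supplied name parts cannot break a mail subject across
     * header lines. Whether the mail layer already guards against this is not visible here.
     */
    private static String stripLineBreaks(String value) {
        return value.replace('\r', ' ').replace('\n', ' ');
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Authenticates through {@code AuthDAO.authenticate(str, str2, str3)} and opens a user session.
     *
     * <p>A single generic message covers unknown user and wrong password, so the failure text does
     * not reveal which accounts exist. The "inactive" error is only reachable after the DAO has
     * returned a user.
     *
     * @param str first credential argument handed to the DAO (presumably the login id; confirm)
     * @param str2 second credential argument handed to the DAO (presumably the password; confirm)
     * @param str3 passed to both {@code authenticate} and {@code createUserSession}
     * @param str4 passed to {@code createUserSession} only
     * @throws BadCredentialsException when the DAO returns no user
     * @throws DisabledException when the matched user is not active
     */
    public SchedulerUserDetails authenticateUser(String str, String str2, String str3, String str4) {
        User authenticated = this.authDAO.authenticate(str, str2, str3);
        if (authenticated == null) {
            throw new BadCredentialsException("Invalid Username or Password");
        }
        if (!authenticated.getActive()) {
            throw new DisabledException("User inactive");
        }
        authenticated.setAuthStatus(1);
        return new SchedulerUserDetails(authenticated, this.authDAO.createUserSession(str3, str4, authenticated));
    }

    /**
     * Builds a random password: characters from {@code RandPass} followed by one special character.
     *
     * <p>The special character is now drawn from {@link SecureRandom}; the previous
     * {@code new Random()} is a predictable generator and must not feed credentials.
     * NOTE(review): RandPass's own randomness source and alphabet are not visible here; confirm
     * it is backed by a CSPRNG. The result is not run through {@link #testPassword(String)}, so it
     * is not guaranteed to satisfy the complexity policy applied to user-chosen passwords.
     */
    String generatePassword() {
        int specialIndex = SECURE_RANDOM.nextInt(PASSWORD_SPECIAL_CHARS.length());
        return new RandPass().getPass(GENERATED_PASSWORD_RANDOM_CHARS) + PASSWORD_SPECIAL_CHARS.charAt(specialIndex);
    }

    /**
     * Resets the password of the account that owns the given e-mail address and mails the new
     * password to that address.
     *
     * <p>NOTE(review), design points a maintainer should weigh:
     * <ul>
     *   <li>The stored password is replaced as soon as the request arrives, before any proof that
     *       the requester owns the mailbox, and before the mail is known to have been sent.</li>
     *   <li>The new password travels in clear text in the mail body and nothing here forces a
     *       change on next login or expires it.</li>
     *   <li>The boolean result distinguishes known from unknown addresses; if the caller surfaces
     *       it, the endpoint confirms which e-mail addresses are registered.</li>
     * </ul>
     * A single-use, short-lived reset token would address all three; that needs changes outside
     * this class.
     *
     * @return {@code true} when a user with that e-mail address was found
     */
    public boolean doPasswordReset(PasswordResetDTO passwordResetDTO) {
        User account = this.authDAO.findUserByEmail(passwordResetDTO.getEmail());
        if (account == null) {
            return false;
        }
        String newPassword = generatePassword();
        String salt = UUID.randomUUID().toString();
        account.setPassword(OneWayPasswordEncoder.getInstance().encode(newPassword, salt));
        account.setSalt(salt);
        this.authDAO.updateEntity(account);

        String subject = stripLineBreaks("Password Reset for " + account.getFirstName() + " " + account.getLastName());
        String safeSubject = escapeHtml(subject);
        String safeFirst = escapeHtml(account.getFirstName());
        String safeLast = escapeHtml(account.getLastName());
        StringBuilder body = new StringBuilder();
        body.append("\n<html><head><title>").append(safeSubject).append("</title><style></style>\n</head>\n<body>");
        // A space between the two names was missing here although the plain-text tail had one.
        body.append("<p><strong>").append(safeFirst).append(" ").append(safeLast).append("<strong></p>\n");
        // The password is server-generated, so it is appended verbatim: escaping it would alter
        // what the recipient has to type if the body is shown as plain text.
        body.append("<p>Your password has been reset to: ").append(newPassword).append("</p>\n");
        body.append("</body>\n").append("</html>\n");
        // Plain-text repetition after </html>; escaped too because lenient HTML renderers still
        // parse content that follows the closing tag.
        body.append(safeSubject).append("\n").append(safeFirst).append(" ").append(safeLast).append("\nYour password has been reset to:").append(newPassword);
        this.mailHandler.sendMandatoryEmails(new MailMessageBuilder().to(account.getEmail()).subject(subject).text(body.toString()).build());
        return true;
    }

    /**
     * Self-registration: validates the password, persists the user with the study-staff
     * institution role, notifies every super admin and the registrant, and writes an audit record.
     *
     * <p>NOTE(review): the institution role is forced here, but {@link #setSomeUserProperties}
     * still copies {@code roleId} and {@code active} from the submitted DTO. Unless the calling
     * layer overwrites those fields, a registrant chooses their own role and activation state,
     * which contradicts the "once approved by the Super Admin" wording of the welcome mail.
     * Verify against the caller.
     *
     * @param str path part of the application URL (appended after host and port)
     * @param str2 first argument of the audit call (meaning not visible here)
     * @param str3 host name used to build the URL placed in the mails
     * @param i port used to build the URL placed in the mails
     * @return the same DTO, with {@code result}/{@code errorMsg} describing the outcome
     */
    public UserDTO doRegisterUser(UserDTO userDTO, String str, String str2, String str3, int i) {
        User user = new User();
        if (!testPassword(userDTO.getPassword())) {
            userDTO.setResult(false);
            userDTO.setErrorMsg(Statics.INSUFFICIENT_PASSWORD);
            return userDTO;
        }
        setupUser(userDTO, user, InstitutionRoleType.ROLE_STUDY_STAFF);
        if (!userDTO.isResult()) {
            return userDTO;
        }
        String url = makeUrl(str, str3, i);
        String adminSubject = stripLineBreaks("New User Registered: " + user.getFirstName() + " " + user.getLastName());
        String userSubject = makeEmailUserSubject(user);
        // The admin mail carries registrant-controlled text; makeNewUserAdminMessage escapes it.
        this.authDAO.findSuperAdminByInstitutionRole().stream()
                .map(toMessage(adminSubject, makeNewUserAdminMessage(user, url)))
                .forEach(this.mailHandler::sendMandatoryEmails);
        this.mailHandler.sendMandatoryEmails(toMessage(userSubject, makeNewUserMessage(userSubject, user, url, true)).apply(user));
        this.auditService.logUserActivity(str2, user, user, Statics.AUDIT_USER_CREATE, null, null);
        return userDTO;
    }

    /**
     * Builds {@code https://<host>:<port><path>} for links placed in outgoing mail.
     *
     * <p>NOTE(review): if {@code str2} is taken from the request's Host header, a forged header
     * ends up in mails sent to users and admins; prefer a configured base URL. Confirm against the
     * caller.
     */
    String makeUrl(String str, String str2, int i) {
        return "https://" + str2 + ":" + i + str;
    }

    /** Subject line of the welcome mail; line breaks in the name parts are replaced by spaces. */
    String makeEmailUserSubject(User user) {
        return stripLineBreaks("Welcome " + user.getFirstName() + " " + user.getLastName());
    }

    /**
     * Checks uniqueness, salts and encodes the password, copies the DTO fields and persists the
     * new user. On a uniqueness failure the DTO already carries the error and nothing is stored.
     *
     * @param institutionRoleType role to force, or {@code null} to use the one from the DTO
     */
    private void setupUser(UserDTO userDTO, User user, InstitutionRoleType institutionRoleType) {
        if (isBadEmailOrEcommonsId(userDTO)) {
            return;
        }
        String salt = UUID.randomUUID().toString();
        user.setSalt(salt);
        user.setPassword(OneWayPasswordEncoder.getInstance().encode(userDTO.getPassword(), salt));
        InstitutionRoleType effectiveType = institutionRoleType != null ? institutionRoleType : userDTO.getInstitutionRoleType();
        setSomeUserProperties(userDTO, user, effectiveType);
        this.authDAO.createEntity(user);
        userDTO.setResult(true);
    }

    /**
     * Renders the welcome mail for a new user.
     *
     * @param str title text (the mail subject)
     * @param str2 application URL shown in the body
     * @param z whether to include the "wait for Super Admin approval" paragraph
     */
    String makeNewUserMessage(String str, User user, String str2, boolean z) {
        StringBuilder template = new StringBuilder(NEW_USER_MESSAGE_START);
        if (z) {
            template.append(NEW_USER_MESSAGE_OPTIONAL_MIDDLE);
        }
        template.append(NEW_USER_MESSAGE_END);
        // Every interpolated value is escaped: names come from the submitted DTO.
        return String.format(template.toString(), escapeHtml(str), escapeHtml(user.getFirstName()), escapeHtml(user.getLastName()), escapeHtml(str2));
    }

    /**
     * Renders the "a user has registered" mail sent to super admins. The names originate from the
     * registrant, so they are escaped before being placed in the HTML body.
     */
    String makeNewUserAdminMessage(User user, String str) {
        return String.format(MAIL_ADMIN_MESSAGE, escapeHtml(user.getFirstName()), escapeHtml(user.getLastName()), escapeHtml(str));
    }

    /** Returns a function that addresses a fixed subject/body to a given user's e-mail address. */
    private Function<User, SimpleMailMessage> toMessage(String str, String str2) {
        return recipient -> new MailMessageBuilder().to(recipient.getEmail()).subject(str).text(str2).build();
    }

    /**
     * Audits the view, normalises phone-number search items and delegates the query to the DAO.
     *
     * <p>NOTE(review): search item keys look like query paths ({@code "u.primaryPhone"}) and come
     * from the request. How the DAO uses them is not visible here; confirm it matches keys against
     * an allow-list rather than splicing them into a query string.
     */
    public GetUsersResponse getUsers(SearchDTO searchDTO, String str, String str2, int i, int i2, String str3, User user) {
        this.auditService.logViewActivity(str3, user, "All Users Viewed.");
        if (searchDTO != null) {
            List<SearchDTO.SearchItem> searchItems = searchDTO.getSearchItems();
            if (searchItems != null && !searchItems.isEmpty()) {
                for (SearchDTO.SearchItem searchItem : searchItems) {
                    // Constant-first equals: an item without a key is skipped instead of throwing.
                    if ("u.primaryPhone".equals(searchItem.getKey())) {
                        MiscUtil.preparePhoneNumberSearchItems(searchItem);
                    }
                }
                searchDTO.setSearchItems(new ArrayList<>(searchItems));
            }
        }
        return this.authDAO.getUsers(searchDTO, str, str2, i, i2);
    }

    /**
     * Wraps {@code AuthDAO.checkEcommonsId} in a result DTO.
     *
     * <p>NOTE(review): if this is reachable without authentication it tells the caller which ids
     * are taken; consider rate limiting at the endpoint. Verify against the caller.
     */
    BooleanResultDTO checkEcommonsId(LoginDTO loginDTO) {
        BooleanResultDTO outcome = new BooleanResultDTO();
        outcome.setResult(this.authDAO.checkEcommonsId(loginDTO.getEcommonsId()));
        return outcome;
    }

    /**
     * Wraps {@code AuthDAO.checkEmail} in a result DTO. The same enumeration consideration as for
     * {@link #checkEcommonsId(LoginDTO)} applies.
     */
    BooleanResultDTO checkEmail(LoginDTO loginDTO) {
        BooleanResultDTO outcome = new BooleanResultDTO();
        outcome.setResult(this.authDAO.checkEmail(loginDTO.getEmail()));
        return outcome;
    }

    /**
     * Creates a user on behalf of {@code user} (the actor recorded in the audit entry). The
     * password is either generated or taken from the DTO and policy-checked; the institution role
     * comes from the DTO.
     *
     * <p>A generated password is never mailed: the welcome message points the new user at the
     * "forgot password" flow instead.
     *
     * @param str path part of the application URL
     * @param str2 first argument of the audit call (meaning not visible here)
     * @param str3 host name used to build the URL placed in the mail
     * @param i port used to build the URL placed in the mail
     */
    public UserDTO createUser(UserDTO userDTO, User user, String str, String str2, String str3, int i) {
        User created = new User();
        if (userDTO.isGenerateNewPassword()) {
            userDTO.setPassword(generatePassword());
        } else if (!testPassword(userDTO.getPassword())) {
            userDTO.setResult(false);
            userDTO.setErrorMsg(Statics.INSUFFICIENT_PASSWORD);
            return userDTO;
        }
        setupUser(userDTO, created, null);
        if (!userDTO.isResult()) {
            return userDTO;
        }
        String url = makeUrl(str, str3, i);
        String subject = makeEmailUserSubject(created);
        this.mailHandler.sendOptionalEmails(new MailMessageBuilder().to(created.getEmail()).subject(subject).text(makeNewUserMessage(subject, created, url, false)).build());
        this.auditService.logUserActivity(str2, created, user, Statics.AUDIT_USER_CREATE, null, null);
        return userDTO;
    }

    /**
     * Changes the password of {@code user} after a policy check. On success the DTO's password
     * field holds the encoded value, as before.
     *
     * <p>NOTE(review): the current password is not requested, the existing salt is reused, and no
     * audit record is written for the change; confirm each of these is intended.
     */
    public UserDTO updatePassword(UserDTO userDTO, User user) {
        User stored = this.authDAO.findUserById(user.getId().intValue());
        if (!testPassword(userDTO.getPassword())) {
            userDTO.setErrorMsg(Statics.INSUFFICIENT_PASSWORD);
            userDTO.setResult(false);
            return userDTO;
        }
        userDTO.setPassword(encodePassword(userDTO, stored));
        stored.setPassword(userDTO.getPassword());
        this.authDAO.updateEntity(stored);
        userDTO.setResult(true);
        return userDTO;
    }

    /**
     * Verifies that a changed ecommons id or e-mail address is still free. An unchanged value is
     * accepted without asking the DAO. On failure the DTO carries the matching error.
     */
    boolean isValidUser(User user, UserDTO userDTO) {
        if (!compareEcommonsIds(userDTO, user) && !checkEcommonsId(userDTO)) {
            userDTO.setResult(false);
            userDTO.setErrorMsg(Statics.ECOMMONS_ID_EXISTS);
            return false;
        }
        if (!compareEmails(userDTO, user) && !checkEmail(userDTO)) {
            userDTO.setResult(false);
            userDTO.setErrorMsg(Statics.EMAIL_EXISTS);
            return false;
        }
        return true;
    }

    /**
     * Applies the DTO's password to {@code user} during an update.
     *
     * <p>No password in the DTO means "leave unchanged". A value equal to the stored encoded
     * password is also treated as unchanged; anything else is policy-checked and encoded with the
     * user's existing salt.
     *
     * @return {@code false} only when a new password fails the policy
     */
    boolean processPassword(User user, UserDTO userDTO) {
        if (!hasPassword(userDTO)) {
            return true;
        }
        if (!passwordsMatch(userDTO, user)) {
            if (!testPassword(userDTO.getPassword())) {
                userDTO.setErrorMsg(Statics.INSUFFICIENT_PASSWORD);
                userDTO.setResult(false);
                return false;
            }
            userDTO.setPassword(encodePassword(userDTO, user));
        }
        user.setPassword(userDTO.getPassword());
        return true;
    }

    /**
     * Updates the user identified by {@code userDTO.getId()} on behalf of {@code user}, writing an
     * audit record with the changed fields. An unknown id now yields {@code result == false}
     * instead of a NullPointerException.
     *
     * @param str first argument of the audit call (meaning not visible here)
     */
    public UserDTO updateUser(UserDTO userDTO, User user, String str) {
        User stored = this.authDAO.findUserById(userDTO.getId());
        InstitutionRoleType institutionRoleType = userDTO.getInstitutionRoleType();
        if (stored == null) {
            userDTO.setResult(false);
            return userDTO;
        }
        if (isValidUser(stored, userDTO) && processPassword(stored, userDTO)) {
            logUpdateUserData(userDTO, user, str, stored, institutionRoleType);
            setSomeUserProperties(userDTO, stored, institutionRoleType);
            this.authDAO.updateEntity(stored);
            userDTO.setResult(true);
        }
        return userDTO;
    }

    /** Delegates to {@code AuthDAO.checkEmail}; callers treat {@code false} as "already exists". */
    private boolean checkEmail(UserDTO userDTO) {
        return this.authDAO.checkEmail(userDTO.getEmail());
    }

    /** True when the DTO's e-mail address equals the stored one. */
    private boolean compareEmails(UserDTO userDTO, User user) {
        return userDTO.getEmail().equals(user.getEmail());
    }

    /** Encodes the DTO's password with the user's current salt. */
    private String encodePassword(UserDTO userDTO, User user) {
        return OneWayPasswordEncoder.getInstance().encode(userDTO.getPassword(), user.getSalt());
    }

    /** Delegates to {@code AuthDAO.checkEcommonsId}; callers treat {@code false} as "already exists". */
    private boolean checkEcommonsId(UserDTO userDTO) {
        return this.authDAO.checkEcommonsId(userDTO.getEcommonsId());
    }

    /** True when the DTO's ecommons id equals the stored one. */
    boolean compareEcommonsIds(UserDTO userDTO, User user) {
        return userDTO.getEcommonsId().equals(user.getEcommonsId());
    }

    /**
     * True when the DTO's password field equals the stored encoded password.
     *
     * <p>NOTE(review): this only matches if the encoded password has been sent to the client and
     * echoed back. If so, the hash is exposed to the browser; an explicit "password unchanged"
     * flag would avoid that. Confirm against the DTO mapping.
     */
    boolean passwordsMatch(UserDTO userDTO, User user) {
        return user.getPassword().equals(userDTO.getPassword());
    }

    /** True when the DTO carries a non-null, non-empty password. */
    static boolean hasPassword(UserDTO userDTO) {
        return MiscUtil.isNonNullNonEmpty(userDTO.getPassword());
    }

    // Builds the "changed fields" strings for the audit record of an update.
    // Left exactly as decompiled: the lambdas reference an undeclared `r2` and several casts
    // (e.g. `(String) user2.getInstitutionRole()`) are decompiler artefacts, so this method does
    // not compile as listed. The `getClass()` calls followed by `r2.findRoleById(v1)` /
    // `r2.findInstitutionById(v1)` look like bound method references on studyDAO / resourceDAO;
    // restore from the original source rather than guessing at the makeFieldString overloads.
    private void logUpdateUserData(UserDTO userDTO, User user, String str, User user2, InstitutionRoleType institutionRoleType) {
        String name = this.studyDAO.findInstitutionRoleByType(institutionRoleType).getName();
        Integer valueOf = Integer.valueOf(userDTO.getRoleId());
        StudyDAO studyDAO = this.studyDAO;
        studyDAO.getClass();
        String lookupFieldById = lookupFieldById(valueOf, (v1) -> {
            return r2.findRoleById(v1);
        });
        Integer valueOf2 = Integer.valueOf(userDTO.getInstitutionId());
        ResourceDAO resourceDAO = this.resourceDAO;
        resourceDAO.getClass();
        ArrayList newArrayList = Lists.newArrayList(makeFieldString("First Name", userDTO.getFirstName(), user2.getFirstName()), makeFieldString("Middle Name", userDTO.getMiddleName(), user2.getMiddleName()), makeFieldString("Last Name", userDTO.getLastName(), user2.getLastName()), makeFieldString("Ecommons Id", userDTO.getEcommonsId(), user2.getEcommonsId()), makeFieldString("Primary Phone", userDTO.getPrimaryPhone(), user2.getPrimaryPhone()), makeFieldString("Institution Role", name, (String) user2.getInstitutionRole(), (InstitutionRole) institutionRoleType, (Function<String, InstitutionRole>) (v0) -> {
            return v0.getType();
        }), makeFieldString("Role", lookupFieldById, (String) user2.getRole(), (Role) Integer.valueOf(userDTO.getRoleId()), (Function<String, Role>) (v0) -> {
            return v0.getType();
        }), makeFieldString("Institution", lookupFieldById(valueOf2, (v1) -> {
            return r2.findInstitutionById(v1);
        }), (String) user2.getInstitution(), (Institution) Integer.valueOf(userDTO.getInstitutionId()), (Function<String, Institution>) (v0) -> {
            return v0.getId();
        }), makeFieldString("Notification Email", userDTO.getNotificationEmail(), user2.getNotificationEmail()));
        ArrayList newArrayList2 = Lists.newArrayList(makeFieldString("Secondary Phone", userDTO.getSecondaryPhone(), user2.getSecondaryPhone()), makeFieldString("Email", userDTO.getEmail(), user2.getEmail()), makeFieldString("Fax", userDTO.getFax(), user2.getFax()), makeFieldString("Pager", userDTO.getPager(), user2.getPager()), makeFieldString("Division", Integer.valueOf(userDTO.getDivision()), user2.getDivision()), makeFieldString("Department", Integer.valueOf(userDTO.getDepartment()), user2.getDepartment()), makeFieldString("Credential", Integer.valueOf(userDTO.getCredential()), user2.getCredential()), makeFieldString("Faculty Rank", Integer.valueOf(userDTO.getFacultyRank()), user2.getFacultyRank()));
        Joiner on = Joiner.on("");
        this.auditService.logUserActivity(str, user2, user, Statics.AUDIT_USER_UPDATE, on.join((Iterable<?>) ListUtils.flatten(newArrayList)), on.join((Iterable<?>) ListUtils.flatten(newArrayList2)));
    }

    /** Writes an audit record that {@code user} viewed the user named in the DTO. */
    UserDTO logViewUser(UserDTO userDTO, User user, String str) {
        this.auditService.logUserActivity(str, this.authDAO.findUserById(userDTO.getId()), user, Statics.AUDIT_USER_VIEW, null, null);
        return userDTO;
    }

    /**
     * Password policy: at least {@link #MIN_PASSWORD_LENGTH} characters with at least one
     * lowercase letter, one uppercase letter, one digit and one punctuation character.
     *
     * <p>A {@code null} password is rejected as too short instead of throwing. The log lines never
     * include the password itself.
     */
    boolean testPassword(String str) {
        if (str == null || str.length() < MIN_PASSWORD_LENGTH) {
            LOGGER.info("Submitted passwords is not at least eight characters long");
            return false;
        }
        if (!LOWERCASE.matcher(str).find() || !UPPERCASE.matcher(str).find()) {
            LOGGER.info("Sumitted passwords does not include at least one uppercase and one lowercase letter");
            return false;
        }
        if (DIGIT.matcher(str).find() && PUNCTUATION.matcher(str).find()) {
            return true;
        }
        LOGGER.info("Submitted passwords does not include at least one numeric character and one punctuation character");
        return false;
    }

    /**
     * Toggles the active flag of user {@code i}, audits the change, and mails the user when the
     * account becomes active. An unknown id now yields {@code result == false} instead of a
     * NullPointerException.
     *
     * @param user the actor recorded in the audit entry
     * @param str path part of the application URL
     * @param str2 first argument of the audit call (meaning not visible here)
     * @param str3 host name used to build the URL placed in the mail
     * @param i2 port used to build the URL placed in the mail
     */
    public BooleanResultDTO changeUserStatus(int i, User user, String str, String str2, String str3, int i2) {
        String url = makeUrl(str, str3, i2);
        BooleanResultDTO outcome = new BooleanResultDTO();
        User target = this.authDAO.findUserById(i);
        if (target == null) {
            outcome.setResult(false);
            return outcome;
        }
        if (target.getActive()) {
            target.setActive(false);
            this.authDAO.updateEntity(target);
            this.auditService.logUserActivity(str2, target, user, Statics.AUDIT_USER_DEACTIVATE, null, null);
        } else {
            target.setActive(true);
            this.authDAO.updateEntity(target);
            this.auditService.logUserActivity(str2, target, user, Statics.AUDIT_USER_ACTIVATE, null, null);
            sendUserActivationEmail(url, target);
        }
        outcome.setResult(true);
        return outcome;
    }

    /**
     * Mails the "your account has been activated" notice. Names, ecommons id and URL are escaped
     * before being placed in the HTML body; the subject has line breaks removed.
     */
    void sendUserActivationEmail(String str, User user) {
        String subject = stripLineBreaks("Welcome to the CRC Scheduler,  " + user.getFirstName() + " " + user.getLastName() + " !");
        String safeFirst = escapeHtml(user.getFirstName());
        String safeLast = escapeHtml(user.getLastName());
        StringBuilder body = new StringBuilder();
        body.append("\n<html><head><title>" + escapeHtml(subject) + "</title><style></style>\n</head>\n<body>");
        body.append("\n<p>Welcome to the CRC Scheduler,</p> " + safeFirst + " " + safeLast + "! \n<p>Your account has been activated and you can now access the system. </p>\n<p> You can go to " + escapeHtml(str) + " and login as " + escapeHtml(user.getEcommonsId()) + " with the password you entered in the Registration form.  If you ever forget your password, you can click on the \"Forgot My Password\" link and submit your email address. </p>\n<p>A new password will then be emailed to you. Once you are logged in, you can always reset your password on the Management page. </p>\n Thanks!</body>\n</html>\n");
        this.mailHandler.sendOptionalEmails(new MailMessageBuilder().to(user.getEmail()).subject(subject).text(body.toString()).build());
    }

    /** Returns the roles offered by {@code AuthDAO.getRolesExceptFinalApprover()}. */
    public List<Role> getRoles() {
        return this.authDAO.getRolesExceptFinalApprover();
    }

    /**
     * Returns {@code true}, with the error recorded on the DTO, when the ecommons id or the e-mail
     * address is already taken. The DAO checks return {@code false} for a value that is in use.
     */
    boolean isBadEmailOrEcommonsId(UserDTO userDTO) {
        if (!checkEcommonsId(userDTO)) {
            userDTO.setResult(false);
            userDTO.setErrorMsg(Statics.ECOMMONS_ID_EXISTS);
            return true;
        }
        if (!checkEmail(userDTO)) {
            userDTO.setResult(false);
            userDTO.setErrorMsg(Statics.EMAIL_EXISTS);
            return true;
        }
        return false;
    }

    /**
     * Copies the editable fields of the DTO onto the entity, resolving ids to entities through
     * the DAOs.
     *
     * <p>Privilege-bearing fields ({@code role}, {@code institution}, {@code active}) are taken
     * from the DTO as-is; only the institution role is supplied by the caller of this method.
     */
    void setSomeUserProperties(UserDTO userDTO, User user, InstitutionRoleType institutionRoleType) {
        // Identity and contact details.
        user.setEcommonsId(userDTO.getEcommonsId());
        user.setFirstName(userDTO.getFirstName());
        user.setMiddleName(userDTO.getMiddleName());
        user.setLastName(userDTO.getLastName());
        user.setPrimaryPhone(userDTO.getPrimaryPhone());
        user.setSecondaryPhone(userDTO.getSecondaryPhone());
        user.setEmail(userDTO.getEmail());
        user.setNotificationEmail(userDTO.getNotificationEmail());
        user.setFax(userDTO.getFax());
        user.setPager(userDTO.getPager());
        // Reference data resolved by id.
        user.setDivision(this.authDAO.findDivisionById(userDTO.getDivision()));
        user.setDepartment(this.authDAO.findDepartmentById(userDTO.getDepartment()));
        user.setCredential(this.authDAO.findCredentialById(userDTO.getCredential()));
        user.setFacultyRank(this.authDAO.findFacultyRankById(userDTO.getFacultyRank()));
        // Authorisation-relevant fields.
        user.setInstitutionRole(this.studyDAO.findInstitutionRoleByType(institutionRoleType));
        user.setRole(this.studyDAO.findRoleById(userDTO.getRoleId()));
        user.setInstitution(this.resourceDAO.findInstitutionById(userDTO.getInstitutionId()));
        user.setActive(userDTO.isActive());
    }

    /** Delegates to {@code AuthDAO.getAddStudyMemberList} with the three arguments unchanged. */
    public List<UserDataResponse> getStudyMembers(String str, String str2, String str3) {
        return this.authDAO.getAddStudyMemberList(str, str2, str3);
    }

    /** Delegates to {@code AuthDAO.getUserData} for the given user id. */
    public UserDetailResponse getUserData(int i) {
        return this.authDAO.getUserData(i);
    }
}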
