package systems.dmx.signup;

import java.net.URISyntaxException;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.UUID;
import java.util.concurrent.Callable;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import org.osgi.framework.BundleContext;
import systems.dmx.accesscontrol.AccessControlService;
import systems.dmx.accesscontrol.event.PostLoginUser;
import systems.dmx.core.Assoc;
import systems.dmx.core.RelatedTopic;
import systems.dmx.core.Topic;
import systems.dmx.core.model.SimpleValue;
import systems.dmx.core.model.TopicModel;
import systems.dmx.core.osgi.PluginActivator;
import systems.dmx.core.service.ChangeReport;
import systems.dmx.core.service.DMXEvent;
import systems.dmx.core.service.EventListener;
import systems.dmx.core.service.Inject;
import systems.dmx.core.service.Transactional;
import systems.dmx.core.service.accesscontrol.AccessControlException;
import systems.dmx.core.service.accesscontrol.Credentials;
import systems.dmx.core.service.event.PostUpdateTopic;
import systems.dmx.core.storage.spi.DMXTransaction;
import systems.dmx.facets.FacetsService;
import systems.dmx.ldap.service.LDAPPluginService;
import systems.dmx.sendmail.SendmailService;
import systems.dmx.signup.PasswordResetTokenCheckRequestResult;
import systems.dmx.signup.ProcessSignUpRequestResult;
import systems.dmx.signup.SignUpRequestResult;
import systems.dmx.signup.configuration.AccountCreation;
import systems.dmx.signup.configuration.ModuleConfiguration;
import systems.dmx.signup.configuration.SignUpConfigOptions;
import systems.dmx.signup.mapper.IsValidEmailAdressMapper;
import systems.dmx.signup.mapper.NewAccountDataMapper;
import systems.dmx.signup.model.NewAccountData;
import systems.dmx.signup.model.NewAccountTokenData;
import systems.dmx.signup.model.PasswordResetTokenData;
import systems.dmx.workspaces.WorkspacesService;

@Produces({"application/json"})
@Path("/sign-up")
/* loaded from: input_file:systems/dmx/signup/SignupPlugin.class */
public class SignupPlugin extends PluginActivator implements SignupService, PostUpdateTopic, PostLoginUser {

    // Access-control service; used in this file to resolve username topics, the
    // current username and workspace memberships.
    @Inject
    private AccessControlService accesscontrol;

    // Facets service; used in this file to read and write the display-name facet.
    @Inject
    private FacetsService facets;

    @Inject
    private SendmailService sendmail;

    // Workspaces service; used in this file to look workspaces up by URI.
    @Inject
    private WorkspacesService workspaces;
    // Handle on the optional LDAP plugin; created in initOptionalServices() and released in stop().
    private OptionalService<LDAPPluginService> ldapPluginService;

    @Context
    UriInfo uri;
    private static final Logger log = Logger.getLogger(SignupPlugin.class.getName());
    // Event fired from createSimpleUserAccount(); dispatch() hands the first event
    // argument to the listener as the newly created username Topic.
    static DMXEvent USER_ACCOUNT_CREATE_LISTENER = new DMXEvent(UserAccountCreateListener.class) { // from class: systems.dmx.signup.SignupPlugin.1
        public void dispatch(EventListener eventListener, Object... objArr) {
            ((UserAccountCreateListener) eventListener).userAccountCreated((Topic) objArr[0]);
        }
    };
    private ModuleConfiguration activeModuleConfiguration = null;
    private Topic customWorkspaceAssignmentTopic = null;
    private String systemEmailContact = null;
    // Pending sign-ups keyed by confirmation token. Each entry also carries the
    // password chosen at sign-up (it is read back as "password" when the token is
    // redeemed), so the clear-text password lives in memory until then.
    // NOTE(review): plain HashMap, package-private and reached from request handlers;
    // if requests are served concurrently this needs a concurrent map - confirm.
    // NOTE(review): this part of the file shows no purge of entries that expire
    // without ever being redeemed - confirm one exists elsewhere.
    HashMap<String, NewAccountTokenData> newAccountTokenData = new HashMap<>();
    // Pending password resets keyed by reset token. The token alone authorises a
    // password change, so the keys are bearer secrets. The same HashMap caveats
    // as for newAccountTokenData apply - confirm.
    HashMap<String, PasswordResetTokenData> passwordResetTokenData = new HashMap<>();
    // Display names (keyed by username) that createCustomUserAccount() could not
    // set up directly because the caller lacked the account-creation privilege.
    HashMap<String, String> deferredDisplayName = new HashMap<>();
    // Produces subjects and bodies of outgoing mails; replaceable via setEmailTextProducer().
    EmailTextProducer emailTextProducer = new InternalEmailTextProducer();
    private NewAccountDataMapper newAccountDataMapper = new NewAccountDataMapper();
    private IsValidEmailAdressMapper isValidEmailAdressMapper = new IsValidEmailAdressMapper();

    /**
     * Plugin start-up hook: calls {@code initOptionalServices()} and
     * {@code reloadAssociatedSignupConfiguration()}, then writes the effective
     * {@code dmx.signup.*} options and the available auth methods to the log.
     *
     * <p>The option dump contains the configured admin and system mailbox
     * addresses, so the start-up log should be readable by operators only.
     * Two misconfigurations are reported as warnings: LDAP account creation
     * requested without the LDAP plugin, and a missing admin mailbox.
     */
    public void init() {
        initOptionalServices();
        reloadAssociatedSignupConfiguration();
        String optionSummary = "\n  dmx.signup.account_creation: " + SignUpConfigOptions.CONFIG_ACCOUNT_CREATION
                + "\n  dmx.signup.account_creation_password_handling: " + SignUpConfigOptions.CONFIG_ACCOUNT_CREATION_PASSWORD_HANDLING
                + "\n  dmx.signup.username_policy: " + SignUpConfigOptions.CONFIG_USERNAME_POLICY
                + "\n  dmx.signup.confirm_email_address: " + SignUpConfigOptions.CONFIG_EMAIL_CONFIRMATION
                + "\n  dmx.signup.admin_mailbox: " + SignUpConfigOptions.CONFIG_ADMIN_MAILBOX
                + "\n  dmx.signup.system_mailbox: " + SignUpConfigOptions.CONFIG_FROM_MAILBOX
                + "\n  dmx.signup.ldap_account_creation: " + SignUpConfigOptions.CONFIG_CREATE_LDAP_ACCOUNTS
                + "\n  dmx.signup.account_creation_auth_ws_uri: " + SignUpConfigOptions.CONFIG_ACCOUNT_CREATION_AUTH_WS_URI
                + "\n  dmx.signup.restrict_auth_methods: " + SignUpConfigOptions.CONFIG_RESTRICT_AUTH_METHODS
                + "\n  dmx.signup.token_expiration_time: " + SignUpConfigOptions.CONFIG_TOKEN_EXPIRATION_DURATION.toHours()
                + "\n";
        log.info(optionSummary);
        log.info("Available auth methods and order:" + getAuthorizationMethods() + "\n");
        if (SignUpConfigOptions.CONFIG_CREATE_LDAP_ACCOUNTS) {
            if (!isLdapPluginAvailable()) {
                log.warning("LDAP Account creation configured but respective plugin not available!");
            }
        }
        boolean adminMailboxMissing = SignUpConfigOptions.CONFIG_ADMIN_MAILBOX == null
                || SignUpConfigOptions.CONFIG_ADMIN_MAILBOX.isEmpty();
        if (adminMailboxMissing) {
            log.warning("'dmx.signup.admin_mailbox' is not configured. Please correct this otherwise various notification emails cannot be send.");
        }
    }

    /**
     * Plugin shutdown hook: releases the optional LDAP service handle first,
     * then delegates to the superclass.
     *
     * @param bundleContext the OSGi bundle context passed on to {@code super.stop}
     */
    public void stop(BundleContext bundleContext) {
        OptionalService<LDAPPluginService> ldapHandle = this.ldapPluginService;
        ldapHandle.release();
        super.stop(bundleContext);
    }

    /**
     * Replaces the producer of mail subjects and bodies.
     *
     * @param emailTextProducer the new producer; must not be {@code null}
     * @throws IllegalArgumentException if {@code emailTextProducer} is {@code null}
     */
    @Override
    public void setEmailTextProducer(EmailTextProducer emailTextProducer) {
        if (emailTextProducer != null) {
            this.emailTextProducer = emailTextProducer;
            return;
        }
        throw new IllegalArgumentException("New instance cannot be null");
    }

    /**
     * Returns the system e-mail contact, never {@code null}.
     *
     * @return the stored contact, or the empty string when none is set
     */
    @Override
    public String getSystemEmailContactOrEmpty() {
        if (this.systemEmailContact != null) {
            return this.systemEmailContact;
        }
        return "";
    }

    /**
     * Creates the handle through which the optional LDAP plugin service is
     * reached. The service class is supplied lazily through the lambda rather
     * than referenced eagerly.
     */
    private void initOptionalServices() {
        this.ldapPluginService = new OptionalService<>(getBundleContext(), () -> LDAPPluginService.class);
    }

    /**
     * Looks up the display name stored as a facet on a user's username topic.
     *
     * <p>NOTE(review): the method itself performs no caller check, so whether
     * display names are readable anonymously depends on the services it calls
     * and on the REST layer - confirm this is intended. The failure message
     * embeds the caller-supplied username verbatim.
     *
     * @param str the username taken from the request path
     * @return the display name, or {@code null} when the user or the facet does not exist
     * @throws RuntimeException if the lookup fails for any reason
     */
    @Override
    @GET
    @Path("/display-name/{username}")
    public String getDisplayName(@PathParam("username") String str) {
        try {
            Topic userTopic = this.accesscontrol.getUsernameTopic(str);
            if (userTopic == null) {
                return null;
            }
            RelatedTopic displayNameFacet = this.facets.getFacet(userTopic, Constants.DISPLAY_NAME_FACET);
            if (displayNameFacet == null) {
                return null;
            }
            return displayNameFacet.getSimpleValue().toString();
        } catch (Exception e) {
            throw new RuntimeException("Fetching display name of user \"" + str + "\" failed", e);
        }
    }

    /**
     * Overwrites the display-name facet of the named user, running in the
     * context of the "Display Names" workspace.
     *
     * <p>NOTE(review): nothing in this method checks that the caller is the
     * user named in the path or an administrator. Confirm that
     * {@code facets.updateFacet} or the REST layer enforces write access,
     * otherwise any caller could rename any account. The failure message
     * embeds both caller-supplied values verbatim.
     *
     * <p>An unknown username is silently ignored. When the workspace cannot be
     * resolved, {@code getDisplayNamesWorkspaceId()} yields {@code -1} and that
     * value is passed on as the workspace context.
     *
     * @param str the username taken from the request path
     * @param str2 the new display name taken from the query string
     * @throws RuntimeException if the update fails for any reason
     */
    @Override
    @Path("/display-name/{username}")
    @PUT
    @Transactional
    public void updateDisplayName(@PathParam("username") String str, @QueryParam("displayName") String str2) {
        try {
            this.dmx.getPrivilegedAccess().runInWorkspaceContext(getDisplayNamesWorkspaceId(), () -> {
                Topic userTopic = this.accesscontrol.getUsernameTopic(str);
                if (userTopic != null) {
                    this.facets.updateFacet(userTopic, Constants.DISPLAY_NAME_FACET, this.mf.newFacetValueModel(Constants.DISPLAY_NAME).set(str2));
                }
                return null;
            });
        } catch (Exception e) {
            throw new RuntimeException("Updating display name of user '" + str + "' failed, displayName='" + str2 + "'", e);
        }
    }

    /**
     * Builds the account data for a sign-up by passing the three caller-supplied
     * values through the mapper together with the configured username policy.
     *
     * @param str the requested username
     * @param str2 the e-mail address
     * @param str3 the display name
     * @return the mapped account data
     */
    private NewAccountData mapToNewAccountData(String str, String str2, String str3) {
        NewAccountData mapped = this.newAccountDataMapper.map(SignUpConfigOptions.CONFIG_USERNAME_POLICY, str, str2, str3);
        return mapped;
    }

    /**
     * Entry point of the sign-up workflow.
     *
     * <p>The request is refused unless self-registration is enabled or the
     * caller holds the account-creation privilege. The e-mail address is
     * validated before any account data is built. Depending on the
     * e-mail-confirmation option, the request then continues with the
     * confirmation-mail workflow or creates the account directly.
     *
     * @param str the requested username
     * @param str2 the e-mail address
     * @param str3 the display name
     * @param str4 the password
     * @param z whether the caller asks to skip the confirmation mail
     * @return the outcome code, never {@code null}
     */
    @Override
    public SignUpRequestResult requestSignUp(String str, String str2, String str3, String str4, boolean z) {
        boolean mayCreateAccounts = isSelfRegistrationEnabled() || hasAccountCreationPrivilege();
        if (!mayCreateAccounts) {
            return new SignUpRequestResult(SignUpRequestResult.Code.ACCOUNT_CREATION_DENIED);
        }
        if (!this.isValidEmailAdressMapper.map(str2)) {
            return new SignUpRequestResult(SignUpRequestResult.Code.ERROR_INVALID_EMAIL);
        }
        NewAccountData accountData = mapToNewAccountData(str, str2, str3);
        try {
            if (SignUpConfigOptions.CONFIG_EMAIL_CONFIRMATION) {
                return handleSignUpWithEmailConfirmation(accountData, str4, z);
            }
            return handleSignUpWithDirectAccountCreation(accountData, str4);
        } catch (URISyntaxException e) {
            log.log(Level.SEVERE, "Could not build response URI while handling sign-up request", e);
            return new SignUpRequestResult(SignUpRequestResult.Code.UNEXPECTED_ERROR);
        }
    }

    /**
     * Creates the account immediately, without a confirmation mail.
     *
     * <p>The permission check is repeated here so that this path stays guarded
     * even when it is reached by a caller other than {@code requestSignUp}.
     * A failure is reported as {@code UNEXPECTED_ERROR} only; the exception is
     * not logged here ({@code createCustomUserAccount} logs its own failures).
     *
     * @param newAccountData the mapped account data
     * @param str the password
     * @return the outcome code
     * @throws URISyntaxException declared by the original signature
     */
    private SignUpRequestResult handleSignUpWithDirectAccountCreation(NewAccountData newAccountData, String str) throws URISyntaxException {
        boolean mayCreateAccounts = isSelfRegistrationEnabled() || hasAccountCreationPrivilege();
        if (!mayCreateAccounts) {
            return new SignUpRequestResult(SignUpRequestResult.Code.ACCOUNT_CREATION_DENIED);
        }
        SignUpRequestResult outcome;
        try {
            transactional(() -> {
                createCustomUserAccount(newAccountData, str);
            });
            outcome = handleAccountCreatedRedirect(newAccountData.username);
        } catch (Exception creationFailure) {
            outcome = new SignUpRequestResult(SignUpRequestResult.Code.UNEXPECTED_ERROR);
        }
        return outcome;
    }

    /**
     * Handles a sign-up while e-mail confirmation is switched on.
     *
     * <p>The confirmation mail is sent unless the caller both asks to skip it
     * and holds the account-creation privilege. Skipping is honoured only when
     * account creation is configured as {@code ADMIN}. In every other
     * configuration the attempt is logged with the caller's username and
     * refused with {@code ADMIN_PRIVILEGE_MISSING}.
     *
     * @param newAccountData the mapped account data
     * @param str the password; on the mail path it is stored with the token until redemption
     * @param z whether the caller asks to skip the confirmation mail
     * @return the outcome code
     */
    private SignUpRequestResult handleSignUpWithEmailConfirmation(NewAccountData newAccountData, String str, boolean z) {
        boolean privilegedSkipRequested = z && hasAccountCreationPrivilege();
        if (!privilegedSkipRequested) {
            log.fine("Sign-up Configuration: Email based confirmation workflow active. Sending out confirmation mail.");
            String confirmationToken = createUserValidationToken(newAccountData, str);
            sendConfirmationMail(confirmationToken, newAccountData.displayName, newAccountData.emailAddress);
            return new SignUpRequestResult(SignUpRequestResult.Code.SUCCESS_EMAIL_CONFIRMATION_NEEDED);
        }
        if (SignUpConfigOptions.CONFIG_ACCOUNT_CREATION != AccountCreation.ADMIN) {
            log.warning("Non-privileged user attempted to skip confirmation email. Username: " + this.accesscontrol.getUsername());
            return new SignUpRequestResult(SignUpRequestResult.Code.ADMIN_PRIVILEGE_MISSING);
        }
        log.info("Sign-up Configuration: Email based confirmation workflow active but admin is skipping confirmation mail.");
        SignUpRequestResult outcome;
        try {
            transactional(() -> {
                createCustomUserAccount(newAccountData, str);
            });
            outcome = handleAccountCreatedRedirect(newAccountData.username);
        } catch (Exception creationFailure) {
            outcome = new SignUpRequestResult(SignUpRequestResult.Code.UNEXPECTED_ERROR);
        }
        return outcome;
    }

    /**
     * Chooses the success code for a freshly created account: created when new
     * accounts are enabled by default, pending otherwise.
     *
     * @param str the username of the new account
     * @return {@code SUCCESS_ACCOUNT_CREATED} or {@code SUCCESS_ACCOUNT_PENDING}, each carrying the username
     */
    private SignUpRequestResult handleAccountCreatedRedirect(String str) {
        SignUpRequestResult.Code code;
        if (!SignUpConfigOptions.DMX_ACCOUNTS_ENABLED) {
            log.info("DMX Config: The new account is now DISABLED.");
            code = SignUpRequestResult.Code.SUCCESS_ACCOUNT_PENDING;
        } else {
            log.info("DMX Config: The new account is now ENABLED.");
            code = SignUpRequestResult.Code.SUCCESS_ACCOUNT_CREATED;
        }
        return new SignUpRequestResult(code, str);
    }

    /**
     * Redeems a sign-up confirmation token and creates the pending account.
     *
     * <p>The token entry is removed from the map before anything else is
     * checked, so a token can be redeemed at most once. An expired token and a
     * token whose account creation fails are both consumed.
     *
     * @param str the confirmation token
     * @return {@code INVALID_TOKEN} for an unknown token, {@code LINK_EXPIRED}
     *         for an expired one, otherwise a success or error code
     */
    @Override
    public ProcessSignUpRequestResult requestProcessSignUp(String str) {
        if (!this.newAccountTokenData.containsKey(str)) {
            return new ProcessSignUpRequestResult(ProcessSignUpRequestResult.Code.INVALID_TOKEN);
        }
        final NewAccountTokenData pending = this.newAccountTokenData.remove(str);
        try {
            boolean stillValid = pending.expiration.isAfter(Instant.now());
            if (!stillValid) {
                return new ProcessSignUpRequestResult(ProcessSignUpRequestResult.Code.LINK_EXPIRED);
            }
            log.log(Level.INFO, "Trying to create user account for {0}", pending.accountData.emailAddress);
            try {
                transactional(() -> {
                    createCustomUserAccount(pending.accountData, pending.password);
                });
                log.log(Level.INFO, "Account successfully created for username: {0}", pending.accountData.username);
                if (!SignUpConfigOptions.DMX_ACCOUNTS_ENABLED) {
                    log.info("Account activation by an administrator remains PENDING ");
                    return new ProcessSignUpRequestResult(ProcessSignUpRequestResult.Code.SUCCESS_ACCOUNT_PENDING);
                }
                return new ProcessSignUpRequestResult(ProcessSignUpRequestResult.Code.SUCCESS, pending.accountData.username);
            } catch (Exception creationFailure) {
                return new ProcessSignUpRequestResult(ProcessSignUpRequestResult.Code.UNEXPECTED_ERROR);
            }
        } catch (RuntimeException unexpected) {
            log.log(Level.SEVERE, "Account creation failed", unexpected);
            return new ProcessSignUpRequestResult(ProcessSignUpRequestResult.Code.UNEXPECTED_ERROR);
        }
    }

    /**
     * Starts a password reset that ends with a redirect to a caller-chosen URL.
     *
     * <p>Review points for this entry:
     * <ul>
     *   <li>{@code EMAIL_UNKNOWN} versus {@code SUCCESS} tells the caller whether
     *       an address is registered.</li>
     *   <li>The redirect target is handed on unvalidated and later returned by
     *       the token check. NOTE(review): confirm callers restrict it to
     *       trusted destinations.</li>
     *   <li>Both caller-supplied values are written to the log verbatim.</li>
     * </ul>
     *
     * @param str the e-mail address of the account
     * @param str2 the URL to redirect to after the reset
     * @return {@code EMAIL_UNKNOWN} or {@code SUCCESS}
     */
    @Override
    public InitiatePasswordResetRequestResult requestInitiateRedirectPasswordReset(String str, String str2) {
        log.info("Password reset requested for user with email address: '" + str + "' wishing to redirect to: '" + str2 + "'");
        boolean known = this.dmx.getPrivilegedAccess().emailAddressExists(str);
        if (known) {
            log.info("Email based password reset workflow do'able, sending out passwort reset mail.");
            sendPasswordResetToken(str, null, str2);
            return InitiatePasswordResetRequestResult.SUCCESS;
        }
        log.warning("Email based password reset workflow not possible because email address is not known: " + str);
        return InitiatePasswordResetRequestResult.EMAIL_UNKNOWN;
    }

    /**
     * REST entry that starts a password reset for an e-mail address.
     *
     * <p>Review points for this entry:
     * <ul>
     *   <li>{@code EMAIL_UNKNOWN} versus {@code SUCCESS} tells an anonymous
     *       caller whether an address is registered.</li>
     *   <li>The {@code name} query parameter is caller-controlled and is passed
     *       on to the reset mail. NOTE(review): confirm the mail template
     *       treats it as untrusted text.</li>
     *   <li>The address and name are written to the log verbatim.</li>
     *   <li>NOTE(review): no rate limit is visible here - confirm one exists
     *       upstream.</li>
     * </ul>
     *
     * @param str the e-mail address taken from the request path
     * @param str2 the display name taken from the query string
     * @return {@code UNEXPECTED_ERROR} for an invalid address or any failure,
     *         otherwise {@code EMAIL_UNKNOWN} or {@code SUCCESS}
     */
    @Override
    @GET
    @Path("/password-reset/{emailAddress}")
    public InitiatePasswordResetRequestResult requestInitiatePasswordReset(@PathParam("emailAddress") String str, @QueryParam("name") String str2) {
        log.info("Password reset requested for user with Email: '" + str + "' and display name: '" + str2 + "'");
        try {
            boolean wellFormed = this.isValidEmailAdressMapper.map(str);
            if (!wellFormed) {
                return InitiatePasswordResetRequestResult.UNEXPECTED_ERROR;
            }
            boolean known = this.dmx.getPrivilegedAccess().emailAddressExists(str);
            if (known) {
                log.info("Email based password reset workflow possible, sending out passwort reset mail.");
                sendPasswordResetToken(str, str2, null);
                return InitiatePasswordResetRequestResult.SUCCESS;
            }
            log.info("Email based password reset workflow not possible because mail address not known: " + str);
            return InitiatePasswordResetRequestResult.EMAIL_UNKNOWN;
        } catch (Exception e) {
            log.log(Level.SEVERE, (String) null, e);
            return InitiatePasswordResetRequestResult.UNEXPECTED_ERROR;
        }
    }

    /**
     * Tells the caller whether a password-reset token is still usable.
     *
     * <p>A usable token is answered with the username, e-mail address, display
     * name and redirect URL stored with it, so the token has to be treated as a
     * bearer secret. It also sits in the request path of a GET. An expired
     * entry is removed and its token value is written to the log.
     *
     * @param str the reset token taken from the request path
     * @return {@code INVALID_TOKEN}, {@code LINK_EXPIRED}, or {@code SUCCESS} with the stored data
     */
    @Override
    @GET
    @Path("/token/{token}")
    public PasswordResetTokenCheckRequestResult requestPasswordResetTokenCheck(@PathParam("token") String str) {
        if (!this.passwordResetTokenData.containsKey(str)) {
            return new PasswordResetTokenCheckRequestResult(PasswordResetTokenCheckRequestResult.Code.INVALID_TOKEN);
        }
        PasswordResetTokenData entry = this.passwordResetTokenData.get(str);
        boolean usable = entry != null && entry.expiration.isAfter(Instant.now());
        if (!usable) {
            log.warning("The provided password reset token '" + str + "' has expired or is invalid");
            this.passwordResetTokenData.remove(str);
            return new PasswordResetTokenCheckRequestResult(PasswordResetTokenCheckRequestResult.Code.LINK_EXPIRED);
        }
        return new PasswordResetTokenCheckRequestResult(
                PasswordResetTokenCheckRequestResult.Code.SUCCESS,
                entry.accountData.username,
                entry.accountData.emailAddress,
                entry.accountData.displayName,
                entry.redirectUrl);
    }

    /**
     * Reports whether self-registration is enabled.
     *
     * @return a 200 response whose entity is the text {@code true} or {@code false}
     */
    @GET
    @Path("/self-registration-active")
    public Response getSelfRegistrationStatus() {
        String entity = String.valueOf(isSelfRegistrationEnabled());
        return Response.ok(entity).build();
    }

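    /**
     * Sets a new password for the account a password-reset token was issued for.
     *
     * <p>The token is honoured only while it has not expired. An expired token
     * is removed and answered with {@code NO_TOKEN}, the same code as an
     * unknown token. Without this check a reset link would stay usable for as
     * long as the process keeps its entry, whatever expiration time is
     * configured. The token is consumed only after a successful change, so a
     * failed LDAP change can be retried with the same link.
     *
     * <p>NOTE(review): the new password is a path segment of a GET request and
     * will therefore appear in access logs, proxy logs and browser history.
     * The route is kept as-is for compatibility with existing callers; moving
     * the password into the body of a POST would remove that exposure.
     *
     * @param str the reset token taken from the request path
     * @param str2 the new password taken from the request path
     * @return {@code NO_TOKEN} for an unknown or expired token,
     *         {@code PASSWORD_CHANGE_FAILED} when the LDAP service reports a
     *         failure, otherwise {@code SUCCESS}
     */
    @Override
    @GET
    @Path("/password-reset/{token}/{password}")
    @Transactional
    public PasswordChangeRequestResult requestPasswordChange(@PathParam("token") String str, @PathParam("password") String str2) {
        log.info("Processing Password Update Request Token... ");
        PasswordResetTokenData tokenData = this.passwordResetTokenData.get(str);
        if (tokenData == null) {
            return PasswordChangeRequestResult.NO_TOKEN;
        }
        // Enforce the expiration here as well: the token check endpoint is advisory
        // and nothing obliges a client to call it before changing the password.
        if (!tokenData.expiration.isAfter(Instant.now())) {
            this.passwordResetTokenData.remove(str);
            log.warning("Password change rejected: the password reset token has expired");
            return PasswordChangeRequestResult.NO_TOKEN;
        }
        Credentials credentials = new Credentials(tokenData.accountData.username, str2);
        if (!isLdapAccountCreationEnabled()) {
            this.dmx.getPrivilegedAccess().changePassword(credentials);
        } else {
            if (this.ldapPluginService.get().changePassword(credentials) == null) {
                log.severe("Credentials for user " + credentials.username + " COULD NOT be changed succesfully.");
                return PasswordChangeRequestResult.PASSWORD_CHANGE_FAILED;
            }
            log.info("If no previous errors are reported here or in the LDAP-service log, the credentials for user " + credentials.username + " should now have been changed succesfully.");
        }
        // Single use: the token is gone once the password has been changed.
        this.passwordResetTokenData.remove(str);
        return PasswordChangeRequestResult.SUCCESS;
    }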

    /**
     * REST entry that creates a user account on behalf of a privileged caller.
     *
     * <p>{@code checkAccountCreation()} runs before anything is created and
     * throws when the caller lacks write access to the authorising workspace.
     *
     * <p>NOTE(review): the password is a path segment of the request URL and
     * will therefore appear in access and proxy logs. The display name and
     * e-mail address are written to the application log before the privilege
     * check runs.
     *
     * @param str the username
     * @param str2 the e-mail address
     * @param str3 the display name
     * @param str4 the password
     * @return the username topic of the new account
     */
    @Override
    @POST
    @Path("/user-account/{username}/{emailAddress}/{displayname}/{password}")
    @Transactional
    public Topic createUserAccount(@PathParam("username") String str, @PathParam("emailAddress") String str2, @PathParam("displayname") String str3, @PathParam("password") String str4) {
        log.info("Creating user account with display name \"" + str3 + "\" and email address \"" + str2 + "\"");
        checkAccountCreation();
        NewAccountData accountData = mapToNewAccountData(str, str2, str3);
        return createCustomUserAccount(accountData, str4);
    }

    /**
     * Attaches the display-name facet to a user's username topic, makes the user
     * a member of the "Display Names" workspace and assigns the facet to it.
     *
     * <p>The work runs with workspace context {@code -1} and uses privileged
     * access for the membership and workspace assignment.
     *
     * @param str the username; a username topic must exist for it
     * @param str2 the display name to store
     * @throws Exception if the privileged block fails
     */
    private void setupDisplayName(final String str, final String str2) throws Exception {
        final long userTopicId = this.accesscontrol.getUsernameTopic(str).getId();
        final long namesWorkspaceId = getDisplayNamesWorkspaceId();
        this.dmx.getPrivilegedAccess().runInWorkspaceContext(-1L, () -> {
            this.facets.addFacetTypeToTopic(userTopicId, Constants.DISPLAY_NAME_FACET);
            this.facets.updateFacet(userTopicId, Constants.DISPLAY_NAME_FACET, this.mf.newFacetValueModel(Constants.DISPLAY_NAME).set(str2));
            this.dmx.getPrivilegedAccess().createMembership(str, namesWorkspaceId);
            log.info("Created membership for new user account in \"Display Names\" workspace (SharingMode.Collaborative)");
            RelatedTopic storedFacet = this.facets.getFacet(userTopicId, Constants.DISPLAY_NAME_FACET);
            this.dmx.getPrivilegedAccess().assignToWorkspace(storedFacet, namesWorkspaceId);
            return storedFacet;
        });
    }

    /**
     * Creates the account and takes care of its display name.
     *
     * <p>A caller holding the account-creation privilege gets the display name
     * set up right away. For any other caller it is parked in
     * {@code deferredDisplayName} under the new username.
     *
     * <p>This method performs no permission check of its own, so every caller
     * has to have authorised the request already. The failure message carries
     * the e-mail address and the display name.
     *
     * @param newAccountData username, e-mail address and display name of the account
     * @param str the password
     * @return the username topic of the new account
     * @throws RuntimeException if any step fails; the cause is logged at WARNING first
     */
    private Topic createCustomUserAccount(NewAccountData newAccountData, String str) {
        try {
            String createdUsername = createSimpleUserAccount(newAccountData.username, str, newAccountData.emailAddress);
            String displayName = newAccountData.displayName;
            if (!hasAccountCreationPrivilege()) {
                this.deferredDisplayName.put(createdUsername, displayName);
            } else {
                setupDisplayName(createdUsername, displayName);
            }
            return this.accesscontrol.getUsernameTopic(createdUsername);
        } catch (Exception e) {
            log.log(Level.WARNING, "Unable to create custom account", e);
            throw new RuntimeException("Creating custom user account failed, mailbox='" + newAccountData.emailAddress + "', displayName='" + newAccountData.displayName + "'", e);
        }
    }

    /**
     * Resolves the id of the "Display Names" workspace.
     *
     * @return the workspace id, or {@code -1} when the workspace does not exist
     */
    public long getDisplayNamesWorkspaceId() {
        Topic namesWorkspace = this.workspaces.getWorkspace(Constants.DISPLAY_NAME_WS_URI);
        return namesWorkspace != null ? namesWorkspace.getId() : -1L;
    }

    /**
     * Records the logged-in user's request for (or revocation of) membership in
     * the API workspace and notifies the admin mailbox.
     *
     * <p>Nothing happens and {@code membership_created} is {@code false} when
     * the request-note topic is missing or nobody is logged in. In all other
     * cases the answer is {@code true}, including the branch that treats an
     * already existing association as a revoke request.
     *
     * @return a hand-built JSON object with the single key {@code membership_created}
     */
    @Override
    @POST
    @Path("/confirm/membership/custom")
    @Transactional
    public String createAPIWorkspaceMembershipRequest() {
        Topic requestsTopic = this.dmx.getTopicByUri("dmx.signup.api_membership_requests");
        if (requestsTopic == null || this.accesscontrol.getUsername() == null) {
            return "{ \"membership_created\" : false}";
        }
        Topic userTopic = this.accesscontrol.getUsernameTopic();
        createApiWorkspaceMembership(userTopic);
        if (getMembershipAssociation(userTopic.getId(), requestsTopic.getId()) != null) {
            String requester = userTopic.getSimpleValue().toString();
            log.info("Revoke Request for API Workspace Membership by user '" + requester + "'");
            sendSystemMailboxNotification(this.emailTextProducer.getApiUsageRevokedMailSubject(), this.emailTextProducer.getApiUsageRevokedMailText(requester));
        } else {
            createApiMembershipRequestNoteAssociation(userTopic, requestsTopic);
        }
        return "{ \"membership_created\" : true}";
    }

    /**
     * Reacts to topic updates that matter to the sign-up workflow.
     *
     * <p>An updated sign-up configuration topic triggers a configuration
     * reload. An updated "login enabled" topic triggers the "account is now
     * active" mail, but only when it was switched on and new accounts are not
     * enabled by default. The mail goes to the mailbox related to the username
     * topic, if there is one.
     *
     * @param topic the updated topic
     * @param changeReport not used here
     * @param topicModel not used here
     */
    public void postUpdateTopic(Topic topic, ChangeReport changeReport, TopicModel topicModel) {
        if (topic.getTypeUri().equals(Constants.SIGN_UP_CONFIG_TYPE_URI)) {
            reloadAssociatedSignupConfiguration();
        } else if (topic.getTypeUri().equals("dmx.accesscontrol.login_enabled")) {
            boolean loginEnabled = Boolean.parseBoolean(topic.getSimpleValue().toString());
            RelatedTopic account = topic.getRelatedTopic("dmx.config.configuration", (String) null, (String) null, "dmx.accesscontrol.username");
            if (loginEnabled && !SignUpConfigOptions.DMX_ACCOUNTS_ENABLED) {
                log.info("Sign-up Notification: User Account \"" + account.getSimpleValue() + "\" is now ENABLED!");
                RelatedTopic mailbox = account.getRelatedTopic(Constants.USER_MAILBOX_EDGE_TYPE, (String) null, (String) null, Constants.USER_MAILBOX_TYPE_URI);
                if (mailbox != null) {
                    String recipient = mailbox.getSimpleValue().toString();
                    sendMail(this.emailTextProducer.getAccountActiveEmailSubject(), this.emailTextProducer.getAccountActiveEmailMessage(account.toString()), recipient);
                    log.info("Send system notification mail to " + recipient + " - The account is now active!");
                }
            }
        }
    }

    /**
     * Tells whether the current request belongs to a logged-in user.
     *
     * @return {@code TRUE} when the access-control service reports a username
     */
    @Override
    public Boolean isLoggedIn() {
        String currentUser = this.accesscontrol.getUsername();
        return currentUser != null ? Boolean.TRUE : Boolean.FALSE;
    }

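    /**
     * Sends a notification mail to the configured admin mailbox.
     *
     * <p>Nothing is sent, and a warning is logged, when no admin mailbox is
     * configured. {@code init()} treats a {@code null} mailbox as a possible
     * state, so it is handled here as well instead of failing with a
     * {@code NullPointerException} in the middle of a request.
     *
     * @param str the mail subject
     * @param str2 the mail body
     * @throws RuntimeException if the mail cannot be sent
     */
    private void sendSystemMailboxNotification(String str, String str2) {
        if (SignUpConfigOptions.CONFIG_ADMIN_MAILBOX == null || SignUpConfigOptions.CONFIG_ADMIN_MAILBOX.isEmpty()) {
            log.warning("Did not send notification mail to System Mailbox - Admin Mailbox configuration not ");
            return;
        }
        try {
            sendMail(str, str2, SignUpConfigOptions.CONFIG_ADMIN_MAILBOX);
        } catch (Exception e) {
            throw new RuntimeException("There seems to be an issue with your mail (SMTP) setup, we FAILED sending out a notification mail to the admin", e);
        }
    }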

    /**
     * Tells whether the optional LDAP plugin service can be obtained.
     *
     * @return {@code false} when the handle yields {@code null} or the LDAP
     *         classes cannot be loaded
     */
    private boolean isLdapPluginAvailable() {
        boolean available;
        try {
            available = this.ldapPluginService.get() != null;
        } catch (NoClassDefFoundError pluginClassesMissing) {
            available = false;
        }
        return available;
    }

    /**
     * Tells whether new accounts are created through the LDAP plugin.
     *
     * @return {@code true} only when LDAP account creation is configured and
     *         the plugin is actually available
     */
    @Override
    public boolean isLdapAccountCreationEnabled() {
        if (!SignUpConfigOptions.CONFIG_CREATE_LDAP_ACCOUNTS) {
            return false;
        }
        return isLdapPluginAvailable();
    }

    /**
     * Tells whether the configured password handling for account creation is
     * {@code EDITABLE}.
     *
     * @return {@code true} when the option equals {@code PasswordHandling.EDITABLE}
     */
    private boolean isAccountCreationPasswordEditable() {
        boolean editable = AccountCreation.PasswordHandling.EDITABLE == SignUpConfigOptions.CONFIG_ACCOUNT_CREATION_PASSWORD_HANDLING;
        return editable;
    }

    /**
     * Creates the username topic, either through the LDAP plugin or through the
     * access-control service, depending on the configuration.
     *
     * @param credentials username and password of the new account
     * @return the topic returned by whichever service created the user
     * @throws Exception if the chosen service fails
     */
    private Topic createUsername(Credentials credentials) throws Exception {
        if (isLdapAccountCreationEnabled()) {
            return this.ldapPluginService.get().createUser(credentials);
        }
        return this.accesscontrol._createUserAccount(credentials);
    }

    /**
     * Creates the username topic and its mailbox topic, links the two, and
     * sends the notification mail.
     *
     * <p>Inside the privileged block, in this order: the mailbox topic is
     * created and assigned to the system workspace, the account-created event
     * is fired, the mailbox association is created and assigned to the system
     * workspace, and - when a custom workspace is configured - the user becomes
     * a member of it.
     *
     * <p>NOTE(review): the "username taken" test and the creation are two
     * separate steps. Confirm the underlying service rejects a duplicate
     * username if two requests race. The e-mail address is not checked for
     * uniqueness here.
     *
     * @param str the username
     * @param str2 the password
     * @param str3 the e-mail address stored as the user's mailbox
     * @return the username that was passed in
     * @throws RuntimeException if the username is taken or any step fails;
     *         the cause is logged at WARNING first
     */
    private String createSimpleUserAccount(String str, String str2, final String str3) {
        try {
            if (isUsernameTaken(str)) {
                throw new RuntimeException("Username '" + str + "' was already registered and confirmed");
            }
            final Topic account = createUsername(new Credentials(str, str2));
            this.dmx.getPrivilegedAccess().runInWorkspaceContext(-1L, () -> {
                long systemWorkspaceId = this.dmx.getPrivilegedAccess().getSystemWorkspaceId();
                Topic mailbox = this.dmx.createTopic(this.mf.newTopicModel(Constants.USER_MAILBOX_TYPE_URI, new SimpleValue(str3)));
                this.dmx.getPrivilegedAccess().assignToWorkspace(mailbox, systemWorkspaceId);
                this.dmx.fireEvent(USER_ACCOUNT_CREATE_LISTENER, new Object[]{account});
                this.dmx.getPrivilegedAccess().assignToWorkspace(
                        this.dmx.createAssoc(this.mf.newAssocModel(
                                Constants.USER_MAILBOX_EDGE_TYPE,
                                this.mf.newTopicPlayerModel(mailbox.getId(), "dmx.core.child"),
                                this.mf.newTopicPlayerModel(account.getId(), "dmx.core.parent"))),
                        systemWorkspaceId);
                if (this.customWorkspaceAssignmentTopic != null) {
                    this.accesscontrol.createMembership(account.getSimpleValue().toString(), this.customWorkspaceAssignmentTopic.getId());
                    log.info("Created new Membership for " + account.getSimpleValue().toString() + " in workspace=" + this.customWorkspaceAssignmentTopic.getSimpleValue().toString());
                }
                return mailbox;
            });
            log.info("Created new user account for user '" + str + "' and " + str3);
            sendNotificationMail(str, str3);
            return str;
        } catch (Exception e) {
            log.log(Level.WARNING, "Creating simple user account failed", e);
            throw new RuntimeException("Creating simple user account failed, username='" + str + "', mailbox='" + str3 + "'", e);
        }
    }

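    /**
     * Tells whether an e-mail address is already registered.
     *
     * <p>The address is lower-cased with {@code Locale.ROOT} before the lookup.
     * With the JVM default locale the result would depend on the host
     * configuration: under a Turkish locale, for example, {@code I} becomes a
     * dotless {@code ı}. An address written in upper case would then be
     * reported as free although it is registered.
     *
     * <p>NOTE(review): this endpoint answers for any address, which lets a
     * caller test which addresses have accounts. Confirm that is acceptable
     * and that requests are rate limited upstream.
     *
     * @param str the e-mail address taken from the request path
     * @return {@code true} when the normalised address is known
     */
    @Override
    @GET
    @Path("/email/{email}/taken")
    public boolean isEmailAddressTaken(@PathParam("email") String str) {
        return this.dmx.getPrivilegedAccess().emailAddressExists(str.toLowerCase(java.util.Locale.ROOT).trim());
    }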

    /**
     * Tells whether a username topic exists for the trimmed username.
     *
     * <p>NOTE(review): this endpoint answers for any username, which lets a
     * caller test which usernames exist - confirm that is acceptable.
     *
     * @param str the username taken from the request path
     * @return {@code true} when the username is already in use
     */
    @Override
    @GET
    @Path("/username/{username}/taken")
    public boolean isUsernameTaken(@PathParam("username") String str) {
        Topic existing = this.accesscontrol.getUsernameTopic(str.trim());
        return existing != null;
    }

    /**
     * Tells whether anyone may sign up without an existing account.
     *
     * @return {@code true} when account creation is configured as {@code PUBLIC}
     */
    @Override
    public boolean isSelfRegistrationEnabled() {
        boolean publicSignUp = AccountCreation.PUBLIC == SignUpConfigOptions.CONFIG_ACCOUNT_CREATION;
        return publicSignUp;
    }

    /**
     * Tells whether the current caller may create accounts for others.
     *
     * <p>The answer fails closed: any exception raised by the underlying check,
     * not only an access-control denial, is reported as "no privilege".
     *
     * @return {@code true} only when {@code checkAccountCreation()} completes without throwing
     */
    @Override
    public boolean hasAccountCreationPrivilege() {
        boolean privileged;
        try {
            checkAccountCreation();
            privileged = true;
        } catch (AccessControlException denied) {
            privileged = false;
        } catch (RuntimeException checkFailed) {
            privileged = false;
        }
        return privileged;
    }

    /**
     * Throws unless the caller may create accounts.
     *
     * <p>With a dedicated authorisation workspace configured, write access to
     * that workspace is sufficient. If that check fails for any reason, write
     * access to the administration workspace is checked instead, so a failure
     * of the first check never grants anything by itself. Without a configured
     * workspace only the administration workspace counts.
     */
    private void checkAccountCreation() {
        if (isAccountCreationWorkspaceUriConfigured()) {
            try {
                checkAccountCreationWorkspaceWriteAccess();
            } catch (RuntimeException workspaceCheckFailed) {
                checkAdministrationWorkspaceWriteAccess();
            } catch (AccessControlException workspaceAccessDenied) {
                checkAdministrationWorkspaceWriteAccess();
            }
        } else {
            checkAdministrationWorkspaceWriteAccess();
        }
    }

    /**
     * Throws unless the caller has write access to the administration workspace
     * topic.
     */
    private void checkAdministrationWorkspaceWriteAccess() {
        Topic adminWorkspace = this.dmx.getTopic(this.dmx.getPrivilegedAccess().getAdminWorkspaceId());
        adminWorkspace.checkWriteAccess();
    }

    /**
     * Tells whether a dedicated workspace for authorising account creation is
     * configured.
     *
     * @return {@code true} when the configured workspace URI is not empty
     */
    private boolean isAccountCreationWorkspaceUriConfigured() {
        boolean unset = SignUpConfigOptions.CONFIG_ACCOUNT_CREATION_AUTH_WS_URI.isEmpty();
        return !unset;
    }

    /**
     * Throws unless the caller has write access to the configured
     * account-creation workspace.
     *
     * <p>A URI that resolves to no workspace ends in a
     * {@code NullPointerException} here. {@code checkAccountCreation()} catches
     * it and falls back to the administration workspace check.
     */
    private void checkAccountCreationWorkspaceWriteAccess() {
        Topic authWorkspace = this.workspaces.getWorkspace(SignUpConfigOptions.CONFIG_ACCOUNT_CREATION_AUTH_WS_URI);
        this.dmx.getTopic(authWorkspace.getId()).checkWriteAccess();
    }

    /**
     * Tells whether the logged-in user counts as a member of the API workspace.
     *
     * <p>Without a configured API workspace URI (empty or the literal
     * {@code undefined}) an existing association between the user and the
     * membership-request topic counts as membership. Otherwise real workspace
     * membership is checked.
     *
     * @return {@code false} when nobody is logged in or the configured workspace does not exist
     */
    @Override
    public boolean isApiWorkspaceMember() {
        String currentUser = this.accesscontrol.getUsername();
        if (currentUser == null) {
            return false;
        }
        String configuredUri = this.activeModuleConfiguration.getApiWorkspaceUri();
        boolean noApiWorkspace = configuredUri.isEmpty() || configuredUri.equals("undefined");
        if (noApiWorkspace) {
            long userTopicId = this.accesscontrol.getUsernameTopic().getId();
            long requestsTopicId = this.dmx.getTopicByUri("dmx.signup.api_membership_requests").getId();
            return getMembershipAssociation(userTopicId, requestsTopicId) != null;
        }
        Topic apiWorkspace = this.dmx.getPrivilegedAccess().getWorkspace(configuredUri);
        return apiWorkspace != null && this.accesscontrol.isMember(currentUser, apiWorkspace.getId());
    }

    /**
     * Issues a password-reset token for the account behind an e-mail address
     * and mails it to the trimmed address.
     *
     * <p>The token data is stored with the address as given, while the mail is
     * sent to the trimmed form.
     *
     * @param str the e-mail address
     * @param str2 the display name, may be {@code null}
     * @param str3 the redirect URL, may be {@code null}
     */
    private void sendPasswordResetToken(String str, String str2, String str3) {
        String accountName = this.dmx.getPrivilegedAccess().getUsername(str);
        String resetToken = createPasswordResetTokenData(accountName, str, str2, str3);
        sendPasswordResetMail(resetToken, accountName, str.trim(), str2);
    }

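    /**
     * Issues a confirmation token for a pending sign-up and remembers the
     * account data under it.
     *
     * <p>The token is a random (version 4) UUID, which
     * {@link UUID#randomUUID()} draws from a cryptographically strong
     * generator. It is deliberately kept out of the log: whoever presents the
     * token can complete the sign-up, so writing it to the log would hand that
     * ability to every reader of the log. The log message also used a
     * {@code {3}} placeholder that no argument matched; the expiry is now
     * actually printed.
     *
     * <p>The password is stored with the token in memory until the token is
     * redeemed.
     *
     * @param newAccountData the account that is waiting for confirmation
     * @param str the password chosen at sign-up
     * @return the new token
     */
    private String createUserValidationToken(NewAccountData newAccountData, String str) {
        String token = UUID.randomUUID().toString();
        Instant expiration = calculateTokenExpiration();
        this.newAccountTokenData.put(token, new NewAccountTokenData(newAccountData, str, expiration));
        log.log(Level.INFO, "Set up confirmation token for {0}, sending confirmation mail valid till {1}", new Object[]{newAccountData.emailAddress, expiration});
        return token;
    }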

    /**
     * Computes the instant at which a token issued now stops being valid.
     *
     * @return the current instant plus the configured token expiration duration
     */
    private Instant calculateTokenExpiration() {
        Instant issuedAt = Instant.now();
        return issuedAt.plus((TemporalAmount) SignUpConfigOptions.CONFIG_TOKEN_EXPIRATION_DURATION);
    }

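    /**
     * Issues a password-reset token and remembers the account data and redirect
     * URL under it.
     *
     * <p>The token is a random (version 4) UUID, which
     * {@link UUID#randomUUID()} draws from a cryptographically strong
     * generator. It is deliberately kept out of the log: the token alone
     * authorises a password change, so a logged token would let any reader of
     * the log take over the account while it is valid. The log message also
     * used a {@code {3}} placeholder that no argument matched; the expiry is
     * now actually printed.
     *
     * @param str the username of the account
     * @param str2 the e-mail address of the account
     * @param str3 the display name, may be {@code null}
     * @param str4 the redirect URL, may be {@code null}
     * @return the new token
     */
    private String createPasswordResetTokenData(String str, String str2, String str3, String str4) {
        String token = UUID.randomUUID().toString();
        Instant expiration = calculateTokenExpiration();
        this.passwordResetTokenData.put(token, new PasswordResetTokenData(new NewAccountData(str, str2, str3), expiration, str4));
        log.log(Level.INFO, "Set up password reset token data for email address {0} valid until {1}", new Object[]{str2, expiration});
        return token;
    }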

    /**
     * Records a user's request for API workspace membership and notifies the system mailbox.
     *
     * <p>An association of type {@code dmx.core.association} is created between the two topics,
     * assigned to the system workspace through privileged access, and a notification mail is
     * sent afterwards.
     *
     * @param topic  first player of the association; its simple value is used as the user name
     *               in the log line and in the notification mail
     * @param topic2 second player of the association
     */
    private void createApiMembershipRequestNoteAssociation(Topic topic, Topic topic2) {
        Assoc requestAssoc = this.dmx.createAssoc(
                this.mf.newAssocModel(
                        "dmx.core.association",
                        this.mf.newTopicPlayerModel(topic.getId(), "dmx.core.default"),
                        this.mf.newTopicPlayerModel(topic2.getId(), "dmx.core.default")));
        long systemWorkspaceId = this.dmx.getPrivilegedAccess().getSystemWorkspaceId();
        this.dmx.getPrivilegedAccess().assignToWorkspace(requestAssoc, systemWorkspaceId);

        log.info("Request for new custom API Workspace Membership by user \"" + topic.getSimpleValue().toString() + "\"");

        String subject = this.emailTextProducer.getApiUsageRequestedSubject();
        String message = this.emailTextProducer.getApiUsageRequestedMessage(topic.getSimpleValue().toString());
        sendSystemMailboxNotification(subject, message);
    }

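    /**
     * Makes the given user a member of the API workspace named in the active sign-up
     * configuration.
     *
     * <p>Nothing happens when no API workspace URI is configured (empty or the literal
     * {@code "undefined"}), or when the configured URI does not resolve to a workspace.
     * The previous code fell through to a "revoke" path in the latter case and dereferenced
     * the missing workspace, which always ended in a {@link NullPointerException}. With no
     * workspace there is no membership to revoke, so that path is now a logged no-op.
     *
     * @param topic username topic; its simple value is used as the username
     */
    private void createApiWorkspaceMembership(Topic topic) {
        String apiWorkspaceUri = this.activeModuleConfiguration.getApiWorkspaceUri();
        if (apiWorkspaceUri.isEmpty() || apiWorkspaceUri.equals("undefined")) {
            log.info("No API Workspace Configured: You must enter the URI of a programmatically created workspace topic into your current \"Signup Configuration\".");
            return;
        }
        String username = topic.getSimpleValue().toString();
        // Privileged lookup: the workspace is resolved regardless of the requesting user's permissions.
        Topic workspace = this.dmx.getPrivilegedAccess().getWorkspace(apiWorkspaceUri);
        if (workspace == null) {
            log.warning("Configured API Workspace \"" + apiWorkspaceUri + "\" could not be found, no membership changed for user \"" + username + "\"");
            return;
        }
        log.info("Request for new custom API Workspace Membership by user \"" + username + "\"");
        this.accesscontrol.createMembership(username, workspace.getId());
    }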

    /**
     * Replaces the active module configuration with a freshly loaded one and refreshes the
     * values derived from it.
     *
     * <p>The field is overwritten before validity is checked. When the loaded configuration
     * is invalid, a warning is logged and the method stops, leaving the invalid configuration
     * in {@code activeModuleConfiguration}.
     */
    private void reloadAssociatedSignupConfiguration() {
        this.activeModuleConfiguration = loadConfiguration();
        if (this.activeModuleConfiguration.isValid()) {
            this.activeModuleConfiguration.reload();
            this.customWorkspaceAssignmentTopic = this.activeModuleConfiguration.getCustomWorkspaceAssignmentTopic();
            if (this.customWorkspaceAssignmentTopic != null) {
                log.info("Configured Custom Sign-up Workspace => \"" + this.customWorkspaceAssignmentTopic.getSimpleValue() + "\"");
            }
            Object[] logArgs = {
                this.activeModuleConfiguration.getConfigurationUri(),
                this.activeModuleConfiguration.getConfigurationName()
            };
            log.log(Level.INFO, "Sign-up Configuration Loaded (URI=\"{0}\"), Name=\"{1}\"", logArgs);
        } else {
            log.warning("Could not load associated Sign-up Plugin Configuration Topic during init/postUpdate");
        }
    }

    /**
     * Sends the account confirmation mail. Subject and body depend on whether
     * {@code SignUpConfigOptions.DMX_ACCOUNTS_ENABLED} is set.
     *
     * @param str  second argument of the message producer (presumably the validation token;
     *             confirm against callers)
     * @param str2 first argument of the message producer (presumably the user's name)
     * @param str3 recipient passed on to {@code sendMail}
     * @throws RuntimeException wrapping any runtime failure raised while producing or sending
     *                          the mail
     */
    private void sendConfirmationMail(String str, String str2, String str3) {
        try {
            final String subject;
            final String message;
            if (!SignUpConfigOptions.DMX_ACCOUNTS_ENABLED) {
                subject = this.emailTextProducer.getConfirmationProceedMailSubject();
                message = this.emailTextProducer.getUserConfirmationProceedMailMessage(str2, str);
            } else {
                subject = this.emailTextProducer.getConfirmationActiveMailSubject();
                message = this.emailTextProducer.getConfirmationActiveMailMessage(str2, str);
            }
            sendMail(subject, message, str3);
        } catch (RuntimeException cause) {
            throw new RuntimeException("There seems to be an issue with your mail (SMTP) setup, we FAILED sending out the 'confirmation mail'", cause);
        }
    }

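    /**
     * Sends the password reset mail that carries the reset token.
     *
     * <p>The user is addressed by {@code str4} when it is non-empty and by {@code str2}
     * otherwise. The previous control flow sent a second mail with {@code str2} even after
     * the {@code str4} variant had gone out, and that send was not covered by the error
     * wrapping. Exactly one mail is sent now, always inside the {@code try}.
     *
     * @param str  password reset token placed into the message
     * @param str2 fallback name to address the user with (the username at the visible call site)
     * @param str3 recipient passed on to {@code sendMail}
     * @param str4 preferred name to address the user with; may be {@code null} or empty
     * @throws RuntimeException wrapping any runtime failure raised while producing or sending
     *                          the mail
     */
    private void sendPasswordResetMail(String str, String str2, String str3, String str4) {
        String addressee = (str4 != null && !str4.isEmpty()) ? str4 : str2;
        try {
            sendMail(this.emailTextProducer.getPasswordResetMailSubject(), this.emailTextProducer.getPasswordResetMailMessage(addressee, str), str3);
        } catch (RuntimeException e) {
            throw new RuntimeException("There seems to be an issue with your mail (SMTP) setup, we FAILED sending out the 'password reset' mail", e);
        }
    }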

    /**
     * Tells the configured admin mailbox ({@code SignUpConfigOptions.CONFIG_ADMIN_MAILBOX})
     * that an account was created.
     *
     * @param str  first argument of the message producer (presumably the username; confirm)
     * @param str2 second argument of the message producer (presumably the email address; confirm)
     * @throws RuntimeException wrapping any exception raised while producing or sending the mail
     */
    private void sendNotificationMail(String str, String str2) {
        try {
            final String subject = this.emailTextProducer.getAccountCreationSystemEmailSubject();
            final String message = this.emailTextProducer.getAccountCreationSystemEmailMessage(str, str2);
            sendMail(subject, message, SignUpConfigOptions.CONFIG_ADMIN_MAILBOX);
        } catch (Exception cause) {
            throw new RuntimeException("There seems to be an issue with your mail (SMTP) setup, we FAILED notifying the 'system mailbox' about account creation", cause);
        }
    }

    /**
     * Hands a mail to the sendmail service, with {@code SignUpConfigOptions.CONFIG_FROM_MAILBOX}
     * as the sender.
     *
     * <p>The body is passed either as the fourth or as the fifth argument of
     * {@code doEmailRecipientAs}, depending on {@code emailTextProducer.isHtml()}; the other
     * one is {@code null}.
     *
     * @param str  mail subject
     * @param str2 mail body, plain text or HTML according to the text producer
     * @param str3 last argument of {@code doEmailRecipientAs} (the recipient at the visible
     *             call sites)
     */
    private void sendMail(String str, String str2, String str3) {
        final String sender = SignUpConfigOptions.CONFIG_FROM_MAILBOX;
        final String plainBody;
        final String htmlBody;
        if (this.emailTextProducer.isHtml()) {
            plainBody = null;
            htmlBody = str2;
        } else {
            plainBody = str2;
            htmlBody = null;
        }
        // NOTE(review): the literal "TODO" is the second argument (presumably the sender's
        // display name); confirm whether a real value should be configured here.
        this.sendmail.doEmailRecipientAs(sender, "TODO", str, plainBody, htmlBody, str3);
    }

    /**
     * Looks up the {@code dmx.core.association} between two topics, both playing the
     * {@code dmx.core.default} role.
     *
     * @param j  id of the first topic
     * @param j2 id of the second topic
     * @return whatever {@code getAssocBetweenTopicAndTopic} yields; callers in this class
     *         compare the result against {@code null}
     */
    private Assoc getMembershipAssociation(long j, long j2) {
        final String assocTypeUri = "dmx.core.association";
        final String roleTypeUri = "dmx.core.default";
        return this.dmx.getAssocBetweenTopicAndTopic(assocTypeUri, j, j2, roleTypeUri, roleTypeUri);
    }

    /**
     * Wraps the topic with URI {@code dmx.signup.default_configuration} in a new
     * {@link ModuleConfiguration}.
     *
     * @return a new configuration object; the topic lookup result is passed on unchecked
     */
    private ModuleConfiguration loadConfiguration() {
        Topic configurationTopic = this.dmx.getTopicByUri("dmx.signup.default_configuration");
        return new ModuleConfiguration(configurationTopic);
    }

    /**
     * Returns the currently active module configuration.
     *
     * @return the object held in {@code activeModuleConfiguration}, without copying
     */
    @Override // systems.dmx.signup.SignupService
    public ModuleConfiguration getConfiguration() {
        final ModuleConfiguration active = this.activeModuleConfiguration;
        return active;
    }

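    /**
     * Lists the authorization methods offered for sign-up.
     *
     * <p>The candidates are the methods reported by the access control service plus
     * {@code "Basic"}. When {@code SignUpConfigOptions.CONFIG_RESTRICT_AUTH_METHODS} is
     * blank, all candidates are returned. Otherwise only the comma-separated entries that
     * match a candidate (ignoring case and surrounding whitespace) are returned, in the
     * order of the configuration value and spelled as the candidate is. Entries that match
     * nothing are dropped silently, so a mistyped restriction can yield an empty list.
     *
     * <p>Case folding uses {@code Locale.ROOT}, so matching does not depend on the JVM's
     * default locale. The collections are typed instead of raw.
     *
     * @return a new mutable list of method names
     */
    @Override // systems.dmx.signup.SignupService
    public List<String> getAuthorizationMethods() {
        HashSet<String> available = new HashSet<>(this.accesscontrol.getAuthorizationMethods());
        available.add("Basic");

        String restriction = SignUpConfigOptions.CONFIG_RESTRICT_AUTH_METHODS.trim();
        if (restriction.isEmpty()) {
            return new ArrayList<>(available);
        }

        // Index the candidates by lower-cased name so configured entries match case-insensitively.
        HashMap<String, String> byFoldedName = new HashMap<>();
        for (String method : available) {
            byFoldedName.put(method.toLowerCase(java.util.Locale.ROOT), method);
        }

        List<String> allowed = new ArrayList<>();
        for (String entry : restriction.split(",")) {
            String method = byFoldedName.get(entry.trim().toLowerCase(java.util.Locale.ROOT));
            if (method != null) {
                allowed.add(method);
            }
        }
        return allowed;
    }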

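    /**
     * Runs an action inside a DMX transaction.
     *
     * <p>The transaction is marked successful only when the action returns normally, and
     * {@code finish()} is called exactly once on every path. The previous nested
     * {@code try} blocks called {@code finish()} a second time whenever the first
     * {@code finish()} itself threw. Anything thrown by the action still propagates
     * unchanged to the caller.
     *
     * @param runnable the work to perform within the transaction
     */
    private void transactional(Runnable runnable) {
        DMXTransaction tx = this.dmx.beginTx();
        try {
            runnable.run();
            // Reached only when the action did not throw.
            tx.success();
        } finally {
            // NOTE(review): presumably finish() without a prior success() discards the changes;
            // confirm against DMXTransaction.
            tx.finish();
        }
    }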

    /**
     * Applies a display name that was deferred for a user, once that user has logged in.
     *
     * <p>Work is done only when the name passed in equals the username reported by the access
     * control service and a deferred display name is stored for it. The stored entry is
     * removed inside the same transaction, after the display name has been set up.
     *
     * @param str username the login event was raised for
     * @throws RuntimeException wrapping any exception raised while setting up the display name
     */
    public void postLoginUser(String str) {
        final String pendingDisplayName = this.deferredDisplayName.get(str);
        final boolean isSessionUser = this.accesscontrol.getUsername().equals(str);
        if (isSessionUser && pendingDisplayName != null) {
            log.info("Handling deferred display name for user " + str);
            transactional(() -> {
                try {
                    setupDisplayName(str, pendingDisplayName);
                    this.deferredDisplayName.remove(str);
                } catch (Exception cause) {
                    throw new RuntimeException("Failed to set up the deferred username for " + str, cause);
                }
            });
        }
    }
}
