package com.digiwin.dap.middleware.iam.api;

import com.digiwin.dap.middle.kms.constants.KeyConstant;
import com.digiwin.dap.middle.ram.domain.enums.TargetType;
import com.digiwin.dap.middleware.auth.AppAuthContextHolder;
import com.digiwin.dap.middleware.auth.AuthoredSys;
import com.digiwin.dap.middleware.auth.AuthoredUser;
import com.digiwin.dap.middleware.commons.core.codec.Base64;
import com.digiwin.dap.middleware.commons.crypto.AES;
import com.digiwin.dap.middleware.commons.crypto.DigestUtils;
import com.digiwin.dap.middleware.domain.StdData;
import com.digiwin.dap.middleware.exception.BusinessException;
import com.digiwin.dap.middleware.iam.constant.I18nError;
import com.digiwin.dap.middleware.iam.constant.IamConstants;
import com.digiwin.dap.middleware.iam.domain.EnvProperties;
import com.digiwin.dap.middleware.iam.domain.user.ResetPasswordVO;
import com.digiwin.dap.middleware.iam.domain.user.UpdatePasswordByAccountVO;
import com.digiwin.dap.middleware.iam.domain.user.UpdatePasswordByIdVO;
import com.digiwin.dap.middleware.iam.domain.user.UpdatePasswordByOldPasswordVO;
import com.digiwin.dap.middleware.iam.domain.user.UserAccountPasswordVO;
import com.digiwin.dap.middleware.iam.entity.User;
import com.digiwin.dap.middleware.iam.service.user.UpdatePasswordService;
import com.digiwin.dap.middleware.iam.service.user.UserCrudService;
import com.digiwin.dap.middleware.iam.service.user.UserInTenantCrudService;
import com.digiwin.dap.middleware.iam.service.user.UserService;
import com.digiwin.dap.middleware.iam.support.remote.LdapService;
import com.digiwin.dap.middleware.iam.support.remote.MessageService;
import com.digiwin.dap.middleware.iam.support.validate.AuthValidateService;
import com.digiwin.dap.middleware.iam.util.vlidator.PasswordValidator;
import com.digiwin.dap.middleware.util.JsonUtils;
import com.digiwin.dap.middleware.util.UserUtils;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Objects;
import javax.validation.Valid;
import org.apache.logging.log4j.util.Strings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.Assert;
import org.springframework.util.ObjectUtils;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestAttribute;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

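/**
 * Password-management endpoints under {@code /api/iam/v2/user}.
 *
 * <p>Every endpoint that accepts a password expects it AES-encrypted with
 * {@link KeyConstant#WECHAT_UNION_ID}. When decryption fails, the caller is
 * checked for system-level POST access to the same endpoint
 * ({@link AuthValidateService#checkAccessPermission}); a privileged caller's
 * value is then used exactly as submitted, every other caller gets a
 * decryption error. Password policy is enforced through
 * {@link PasswordValidator#validatePassword}, which this class treats as
 * "{@code true} means the password is rejected".
 *
 * <p>Stored credentials are compared as unsalted SHA-256 digests (plus a legacy
 * {@code md5Hex(password + salt)} form in {@link #resetUserEnterprisePassword}).
 * NOTE(review): neither is a password-hashing KDF (bcrypt/scrypt/argon2); the
 * storage format is owned by the services this controller delegates to, so only
 * the comparison side is hardened here, via {@link #hashMatches}.
 *
 * <p>NOTE(review): this listing is decompiler output (JADX). Two methods carry
 * inline notes where the recovered code was incomplete.
 */
@RequestMapping({"/api/iam/v2/user"})
@RestController
public class UserPasswordController {
    private static final Logger logger = LoggerFactory.getLogger(UserPasswordController.class);

    /** Request attribute under which the authentication filter stores the current user. */
    private static final String AUTH_USER_ATTR = "digi-middleware-auth-user-data";

    /** Request attribute under which the authentication filter stores the calling application. */
    private static final String AUTH_APP_ATTR = "digi-middleware-auth-app-data";

    @Autowired
    private UserCrudService userCrudService;

    @Autowired
    private UpdatePasswordService updatePasswordService;

    @Autowired
    private LdapService ldapService;

    @Autowired
    private UserService userService;

    @Autowired
    private EnvProperties envProperties;

    @Autowired
    private AuthValidateService authValidateService;

    @Autowired
    private MessageService messageService;

    @Autowired
    private UserInTenantCrudService userInTenantCrudService;

    /**
     * Whether the current system caller holds POST access to {@code path} at
     * {@link TargetType#Sys} scope. Used to let privileged system callers
     * bypass AES decryption of password fields and, in
     * {@link #resetUserEnterprisePassword}, to reset users outside the
     * caller's tenant.
     *
     * @param path the request path being guarded
     * @return the permission service's answer; a {@code null} answer unboxes to
     *     a {@link NullPointerException}, as the original {@code booleanValue()}
     *     calls did
     */
    private boolean hasSysPermission(String path) {
        return this.authValidateService.checkAccessPermission(TargetType.Sys.name(), "POST", path, UserUtils.getSysId());
    }

    /**
     * Compares a freshly computed credential digest with the stored one without
     * short-circuiting on the first differing byte.
     *
     * <p>Null handling matches {@link Objects#equals}: two nulls are equal, one
     * null is not. Assumes both sides are the hex {@link String} form that
     * {@link DigestUtils#sha256} / {@link DigestUtils#md5Hex} produce and that
     * {@link User#getPassword()} stores — confirm if {@code DigestUtils} ever
     * returns raw bytes.
     *
     * @param computed digest derived from the password supplied in the request
     * @param stored digest persisted on the user record
     * @return {@code true} when both digests are byte-for-byte identical
     */
    private static boolean hashMatches(String computed, String stored) {
        if (computed == null || stored == null) {
            return computed == stored;
        }
        return MessageDigest.isEqual(computed.getBytes(StandardCharsets.UTF_8), stored.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Changes the caller's own password, authenticated by the current password.
     *
     * @param updatePasswordByIdVO target user id plus the AES-encrypted old and
     *     new passwords; before delegation the decrypted values and their
     *     SHA-256 digests are written back into this object
     * @param authoredUser the authenticated user; must be the user named in the body
     * @return {@code 200 OK} with an empty body
     * @throws BusinessException when the body names a different user, the
     *     ciphertext cannot be decrypted and the caller is not a privileged
     *     system, the new password equals the old one, or the new password
     *     fails the policy
     */
    @PostMapping({"/update/password"})
    @Transactional(rollbackFor = {Exception.class})
    public ResponseEntity<?> updatePassword(@RequestBody UpdatePasswordByIdVO updatePasswordByIdVO, @RequestAttribute(AUTH_USER_ATTR) AuthoredUser authoredUser) {
        if (!authoredUser.getUserId().equalsIgnoreCase(updatePasswordByIdVO.getId())) {
            throw new BusinessException(I18nError.PASSWORD_UPDATE_AUTHORIZATION_ERROR);
        }
        // NOTE(review): the decompiled listing declared these two locals without
        // an initial value, which cannot compile once the privileged fallback in
        // the catch block continues. They are initialised from the request here,
        // as updatePasswordWithoutVerificationCode does — confirm against the
        // original source.
        String oldPassword = updatePasswordByIdVO.getOldPassword();
        String newPassword = updatePasswordByIdVO.getNewPassword();
        try {
            oldPassword = AES.decrypt(oldPassword, KeyConstant.WECHAT_UNION_ID);
            newPassword = AES.decrypt(newPassword, KeyConstant.WECHAT_UNION_ID);
        } catch (Exception e) {
            // Privileged system callers may submit the values unencrypted.
            if (!hasSysPermission("/api/iam/v2/user/update/password")) {
                throw new BusinessException(I18nError.PASSWORD_DECRYPTION_FAILED, e.getMessage());
            }
            logger.error("密码解析错误", e);
        }
        if (ObjectUtils.nullSafeEquals(oldPassword, newPassword)) {
            throw new BusinessException(I18nError.IAM_USER_PASSWORD_CHANGE_SAME);
        }
        // validatePassword reports true when the password violates the policy.
        if (PasswordValidator.validatePassword(newPassword)) {
            throw new BusinessException(I18nError.PASSWORD_UPDATE_FORMAT_ERROR);
        }
        updatePasswordByIdVO.setOldPassword(oldPassword);
        updatePasswordByIdVO.setNewPassword(newPassword);
        updatePasswordByIdVO.setOldPasswordHash(DigestUtils.sha256(oldPassword));
        updatePasswordByIdVO.setNewPasswordHash(DigestUtils.sha256(newPassword));
        this.updatePasswordService.updatePasswordByOldPassword(updatePasswordByIdVO);
        return new ResponseEntity<>(HttpStatus.OK);
    }

    /**
     * Changes the caller's password by verifying the current one against the
     * stored SHA-256 digest, with no verification code involved.
     *
     * @param updatePasswordByOldPasswordVO AES-encrypted old and new passwords
     * @param authoredUser the authenticated user whose record is updated
     * @return {@code 200 OK} with an empty body
     * @throws BusinessException when decryption fails for a non-privileged
     *     caller, the new password fails the policy, the user record is
     *     missing, or the old password does not match
     */
    @PostMapping({"/password/update/without/captcha"})
    public ResponseEntity<?> updatePasswordWithoutVerificationCode(@RequestBody UpdatePasswordByOldPasswordVO updatePasswordByOldPasswordVO, @RequestAttribute(AUTH_USER_ATTR) AuthoredUser authoredUser) {
        String newPassword = updatePasswordByOldPasswordVO.getNewPassword();
        String oldPassword = updatePasswordByOldPasswordVO.getOldPassword();
        try {
            newPassword = AES.decrypt(newPassword, KeyConstant.WECHAT_UNION_ID);
            oldPassword = AES.decrypt(oldPassword, KeyConstant.WECHAT_UNION_ID);
        } catch (Exception e) {
            // Privileged system callers may submit the values unencrypted.
            if (!hasSysPermission("/api/iam/v2/user/password/update/without/captcha")) {
                throw new BusinessException(I18nError.PASSWORD_DECRYPT_ERROR);
            }
            logger.error("密码解密失败", e);
        }
        // validatePassword reports true when the password violates the policy.
        if (PasswordValidator.validatePassword(newPassword)) {
            throw new BusinessException(I18nError.PASSWORD_UPDATE_FORMAT_ERROR);
        }
        User user = (User) this.userCrudService.findBySid(authoredUser.getSid());
        if (Objects.isNull(user)) {
            throw new BusinessException(I18nError.OPERATE_PASSWORD_USER_NOT_EXIST);
        }
        if (!hashMatches(DigestUtils.sha256(oldPassword), user.getPassword())) {
            throw new BusinessException(I18nError.OPERATE_PASSWORD_USER_PASSWORD_ERROR);
        }
        this.updatePasswordService.updatePasswordCore(user, true, newPassword);
        return new ResponseEntity<>(HttpStatus.OK);
    }

    /**
     * Sets a new password for the caller's own account without checking the
     * current one. The target may be named by sid or by id, but must resolve
     * to the authenticated user.
     *
     * @param updatePasswordByIdVO target user (sid or id) and the new password
     *     plus its hash; both must be non-empty
     * @param authoredUser the authenticated user, which must carry a tenant sid
     * @return {@code 200 OK} with an empty body
     * @throws IllegalArgumentException when neither sid nor id is given, or
     *     the caller has no tenant ({@link Assert#isTrue})
     * @throws BusinessException when the user does not exist, is not the
     *     caller, the new password or its hash is empty, or the new password
     *     fails the policy
     */
    @PostMapping({"/update/password/force"})
    @Transactional(rollbackFor = {Exception.class})
    public ResponseEntity<?> forceUpdatePassword(@RequestBody UpdatePasswordByIdVO updatePasswordByIdVO, @RequestAttribute(AUTH_USER_ATTR) AuthoredUser authoredUser) {
        Assert.isTrue(authoredUser.getTenantSid() > 0, "当前登陆用户必须携带租户信息！");
        if (updatePasswordByIdVO.getSid() == 0 && Strings.isEmpty(updatePasswordByIdVO.getId())) {
            throw new IllegalArgumentException(IamConstants.ErrorMessage.NOT_EMPTY_TENANT_USER);
        }
        User target = updatePasswordByIdVO.getSid() != 0
                ? (User) this.userCrudService.findBySid(updatePasswordByIdVO.getSid())
                : this.userCrudService.findById(updatePasswordByIdVO.getId());
        if (target == null) {
            throw new BusinessException(I18nError.PASSWORD_UPDATE_USER_NOT_EXIST);
        }
        if (!authoredUser.getUserId().equals(target.getId())) {
            throw new BusinessException(I18nError.PASSWORD_UPDATE_AUTHORIZATION_ERROR);
        }
        // NOTE(review): the decompiled listing shows an empty try body here, so
        // whatever decryption this catch clause guarded (presumably the same AES
        // step the sibling endpoints perform) is missing from this listing and
        // getNewPassword() is validated and stored exactly as received. Kept
        // verbatim; confirm against the original source before relying on it.
        try {
        } catch (Exception e) {
            if (!hasSysPermission("/api/iam/v2/user/update/password/force")) {
                throw new BusinessException(I18nError.PASSWORD_DECRYPT_ERROR, e.getMessage());
            }
            logger.error("密码解析错误", e);
        }
        if (ObjectUtils.isEmpty(updatePasswordByIdVO.getNewPasswordHash())) {
            throw new BusinessException(I18nError.PASSWORD_UPDATE_NEW_EMPTY_ERROR);
        }
        if (ObjectUtils.isEmpty(updatePasswordByIdVO.getNewPassword())) {
            throw new BusinessException(I18nError.PASSWORD_UPDATE_NEW_EMPTY_ERROR);
        }
        // validatePassword reports true when the password violates the policy.
        if (PasswordValidator.validatePassword(updatePasswordByIdVO.getNewPassword())) {
            throw new BusinessException(I18nError.PASSWORD_UPDATE_FORMAT_ERROR);
        }
        this.updatePasswordService.updatePasswordCore(target, true, updatePasswordByIdVO.getNewPassword());
        return new ResponseEntity<>(HttpStatus.OK);
    }

    /**
     * Resets a password by account plus verification code (no session needed).
     *
     * @param updatePasswordByAccountVO account (email / telephone), the
     *     AES-encrypted new password and the verification code; the decrypted
     *     password is written back before delegation
     * @return {@code 200 OK} with an empty body
     * @throws BusinessException when any field is empty, decryption fails for
     *     a non-privileged caller, or the password fails the policy
     */
    @PostMapping({"/password/update"})
    @Transactional(rollbackFor = {Exception.class})
    public ResponseEntity<?> updatePassword(@RequestBody UpdatePasswordByAccountVO updatePasswordByAccountVO) {
        if (StringUtils.isEmpty(updatePasswordByAccountVO.getAccount())) {
            throw new BusinessException(I18nError.USER_EMAIL_TELEPHONE_EMPTY);
        }
        if (StringUtils.isEmpty(updatePasswordByAccountVO.getPassword())) {
            throw new BusinessException(I18nError.USER_PASSWORD_EMPTY);
        }
        if (StringUtils.isEmpty(updatePasswordByAccountVO.getVerificationCode())) {
            throw new BusinessException(I18nError.USER_VERIFICATION_CODE_EMPTY);
        }
        // NOTE(review): initialised from the request for the same reason as in
        // updatePassword(UpdatePasswordByIdVO, AuthoredUser) — the decompiled
        // listing left it unassigned on the privileged fallback path.
        String password = updatePasswordByAccountVO.getPassword();
        try {
            password = AES.decrypt(password, KeyConstant.WECHAT_UNION_ID);
        } catch (Exception e) {
            // Privileged system callers may submit the value unencrypted.
            if (!hasSysPermission("/api/iam/v2/user/password/update")) {
                throw new BusinessException(I18nError.PASSWORD_DECRYPTION_FAILED, e.getMessage());
            }
            // Keep the original message; the throwable is appended so the stack is not lost.
            logger.error("密码解密异常: {}", e.getMessage(), e);
        }
        // validatePassword reports true when the password violates the policy.
        if (PasswordValidator.validatePassword(password)) {
            throw new BusinessException(I18nError.PASSWORD_UPDATE_FORMAT_ERROR);
        }
        updatePasswordByAccountVO.setPassword(password);
        this.updatePasswordService.updatePasswordByVerificationCode(updatePasswordByAccountVO);
        return new ResponseEntity<>(HttpStatus.OK);
    }

    /**
     * Lets an operator reset another enterprise user's password after
     * re-authenticating with the operator's own password.
     *
     * <p>Authorization: the target must belong to the operator's tenant unless
     * the operator holds system-level access to this endpoint. The operator's
     * password is checked locally (SHA-256, or legacy {@code md5Hex(password +
     * salt)} when a salt is stored) for ordinary accounts, or against LDAP for
     * accounts under {@link IamConstants#DEFAULT_EMAIL}.
     *
     * @param resetPasswordVO target user sid, the AES-encrypted target password
     *     and the AES-encrypted operator password
     * @param authoredUser the operator
     * @return {@link StdData#ok()}
     * @throws BusinessException when the operator password is missing,
     *     decryption fails for a non-privileged caller, the target password
     *     fails the policy, the target or operator record is missing, the
     *     target is outside the operator's tenant without system access, or the
     *     operator password is wrong
     */
    @PostMapping({"/enterprise/password/reset"})
    public StdData resetUserEnterprisePassword(@Valid @RequestBody ResetPasswordVO resetPasswordVO, @RequestAttribute(AUTH_USER_ATTR) AuthoredUser authoredUser) {
        if (ObjectUtils.isEmpty(resetPasswordVO.getOperatorPassword())) {
            throw new BusinessException(I18nError.PARAM_MISS);
        }
        String targetUserPassword = resetPasswordVO.getTargetUserPassword();
        String operatorPassword = resetPasswordVO.getOperatorPassword();
        try {
            targetUserPassword = AES.decrypt(targetUserPassword, KeyConstant.WECHAT_UNION_ID);
            // operatorPassword is known to be non-empty from the check above.
            operatorPassword = AES.decrypt(operatorPassword, KeyConstant.WECHAT_UNION_ID);
        } catch (Exception e) {
            // Privileged system callers may submit the values unencrypted.
            if (!hasSysPermission("/api/iam/v2/user/enterprise/password/reset")) {
                throw new BusinessException(I18nError.PASSWORD_DECRYPT_ERROR);
            }
            logger.error("密码解析错误", e);
        }
        // validatePassword reports true when the password violates the policy.
        if (PasswordValidator.validatePassword(targetUserPassword)) {
            throw new BusinessException(I18nError.PASSWORD_UPDATE_FORMAT_ERROR);
        }
        User target = (User) this.userCrudService.findBySid(resetPasswordVO.getTargetUserSid().longValue());
        if (Objects.isNull(target)) {
            throw new BusinessException(I18nError.PASSWORD_UPDATE_USER_NOT_EXIST);
        }
        boolean sameTenant = this.userInTenantCrudService.existsByUnionKey(authoredUser.getTenantSid(), target.getSid());
        if (!sameTenant && !hasSysPermission("/api/iam/v2/user/enterprise/password/reset")) {
            // The original passed Base64(JSON(resetPasswordVO)) as the last
            // argument; that object carries both submitted password fields
            // (ciphertext, or plaintext on the privileged fallback path) and
            // Base64 is an encoding, not protection, so only the target sid is
            // reported now. Verify the I18n template still reads its placeholders
            // as intended.
            throw new BusinessException(I18nError.IAM_USER_PERMISSION_COMMON_ERROR, new Object[]{
                    UserUtils.getUserName(),
                    UserUtils.getUserId(),
                    AppAuthContextHolder.getContext().getClientIP(),
                    String.valueOf(resetPasswordVO.getTargetUserSid())});
        }
        String operatorId = authoredUser.getUserId();
        boolean ldapAccount = operatorId.contains("@") && operatorId.toLowerCase().endsWith(IamConstants.DEFAULT_EMAIL);
        if (ldapAccount) {
            if (this.ldapService.checkAccount(operatorId.split("@")[0], operatorPassword, this.envProperties.getCountry()).getInfo() == null) {
                throw new BusinessException(I18nError.OPERATE_PASSWORD_USER_PASSWORD_ERROR);
            }
        } else {
            User operator = (User) this.userCrudService.findBySid(authoredUser.getSid());
            if (Objects.isNull(operator)) {
                throw new BusinessException(I18nError.OPERATE_PASSWORD_USER_NOT_EXIST);
            }
            boolean sha256Match = hashMatches(DigestUtils.sha256(operatorPassword), operator.getPassword());
            // Legacy records: md5Hex over password + stored salt.
            boolean legacyMatch = StringUtils.hasLength(operator.getSalt())
                    && hashMatches(DigestUtils.md5Hex(operatorPassword + operator.getSalt()), operator.getPassword());
            if (!sha256Match && !legacyMatch) {
                throw new BusinessException(I18nError.OPERATE_PASSWORD_USER_PASSWORD_ERROR);
            }
        }
        target.setPassword(DigestUtils.sha256(targetUserPassword));
        target.setChanged(false);
        this.userCrudService.update(target);
        return StdData.ok().build();
    }

    /**
     * Reports whether the current user has to change their password.
     *
     * @return {@code 200 OK} wrapping {@link UserService#checkPasswordChange()}
     */
    @GetMapping({"/password/change/check"})
    public ResponseEntity<?> checkPasswordChange() {
        return ResponseEntity.ok(this.userService.checkPasswordChange());
    }

    /**
     * Renews the current user's password validity via {@link UserService#renewPassword()}.
     *
     * @return {@code 200 OK} whose body is the {@link HttpStatus#OK} value
     */
    @PostMapping({"/password/renewal"})
    public ResponseEntity<?> renewPassword() {
        this.userService.renewPassword();
        return ResponseEntity.ok(HttpStatus.OK);
    }

    /**
     * Sends an enterprise account's password notification, routed to the
     * "dev" variant when the calling application id is {@code dev}.
     *
     * @param userAccountPasswordVO message payload; its tenant id is overwritten
     *     with the caller's tenant before sending
     * @param authoredUser the authenticated user
     * @param authoredSys the calling application
     * @return {@link StdData#ok()}
     */
    @PostMapping({"/enterprise/account/password/send"})
    public StdData sendUserEnterpriseAccountPassword(@RequestBody UserAccountPasswordVO userAccountPasswordVO, @RequestAttribute(AUTH_USER_ATTR) AuthoredUser authoredUser, @RequestAttribute(AUTH_APP_ATTR) AuthoredSys authoredSys) {
        userAccountPasswordVO.setTenantId(authoredUser.getTenantId());
        if ("dev".equalsIgnoreCase(authoredSys.getId())) {
            this.messageService.sendDevUserEnterpriseAccountPassword(userAccountPasswordVO);
        } else {
            this.messageService.sendUserEnterpriseAccountPassword(userAccountPasswordVO);
        }
        return StdData.ok().build();
    }
}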
