package org.egov.user.domain.service;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import org.apache.commons.lang3.StringUtils;
import org.egov.common.contract.request.RequestInfo;
import org.egov.common.contract.response.ResponseInfo;
import org.egov.tracer.model.CustomException;
import org.egov.user.config.UserServiceConstants;
import org.egov.user.domain.exception.AtleastOneRoleCodeException;
import org.egov.user.domain.exception.DuplicateUserNameException;
import org.egov.user.domain.exception.InvalidOtpException;
import org.egov.user.domain.exception.InvalidUpdatePasswordRequestException;
import org.egov.user.domain.exception.OtpValidationPendingException;
import org.egov.user.domain.exception.UserNameNotValidException;
import org.egov.user.domain.exception.UserNotFoundException;
import org.egov.user.domain.exception.UserProfileUpdateDeniedException;
import org.egov.user.domain.model.LoggedInUserUpdatePasswordRequest;
import org.egov.user.domain.model.NonLoggedInUserUpdatePasswordRequest;
import org.egov.user.domain.model.User;
import org.egov.user.domain.model.UserFeedback;
import org.egov.user.domain.model.UserSearchCriteria;
import org.egov.user.domain.model.ValidateUserRegister;
import org.egov.user.domain.model.enums.UserType;
import org.egov.user.persistence.dto.FailedLoginAttempt;
import org.egov.user.persistence.repository.FileStoreRepository;
import org.egov.user.persistence.repository.OtpRepository;
import org.egov.user.persistence.repository.UserFeedbackRepository;
import org.egov.user.persistence.repository.UserRepository;
import org.egov.user.web.contract.Otp;
import org.egov.user.web.contract.OtpValidateRequest;
import org.egov.user.web.contract.ResponseInfoWrapper;
import org.egov.user.web.contract.UserFeedbackRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.stereotype.Service;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.web.client.RestTemplate;

@Service
/* loaded from: input_file:BOOT-INF/classes/org/egov/user/domain/service/UserService.class */
public class UserService {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) UserService.class);
    private final ObjectMapper objectMapper;
    private UserRepository userRepository;
    private OtpRepository otpRepository;
    private PasswordEncoder passwordEncoder;
    private int defaultPasswordExpiryInDays;
    private boolean isCitizenLoginOtpBased;
    private boolean isEmployeeLoginOtpBased;
    private FileStoreRepository fileRepository;
    private TokenStore tokenStore;
    private UserFeedbackRepository userFeedbackRepository;

    @Value("${egov.user.host}")
    private String userHost;

    @Value("${account.unlock.cool.down.period.minutes}")
    private Long accountUnlockCoolDownPeriod;

    @Value("${max.invalid.login.attempts.period.minutes}")
    private Long maxInvalidLoginAttemptsPeriod;

    @Value("${max.invalid.login.attempts}")
    private Long maxInvalidLoginAttempts;

    @Autowired
    private RestTemplate restTemplate;

    @Autowired
    private EmailService emailService;

    public UserService(UserRepository userRepository, OtpRepository otpRepository, FileStoreRepository fileStoreRepository, PasswordEncoder passwordEncoder, TokenStore tokenStore, ObjectMapper objectMapper, UserFeedbackRepository userFeedbackRepository, @Value("${default.password.expiry.in.days}") int i, @Value("${citizen.login.password.otp.enabled}") boolean z, @Value("${employee.login.password.otp.enabled}") boolean z2) {
        this.userRepository = userRepository;
        this.otpRepository = otpRepository;
        this.passwordEncoder = passwordEncoder;
        this.defaultPasswordExpiryInDays = i;
        this.isCitizenLoginOtpBased = z;
        this.isEmployeeLoginOtpBased = z2;
        this.fileRepository = fileStoreRepository;
        this.tokenStore = tokenStore;
        this.objectMapper = objectMapper;
        this.userFeedbackRepository = userFeedbackRepository;
    }

    public User getUniqueUser(String str, String str2, UserType userType) {
        UserSearchCriteria build = UserSearchCriteria.builder().userName(str).tenantId(getStateLevelTenantForCitizen(str2, userType)).type(userType).build();
        if (StringUtils.isEmpty(str) || StringUtils.isEmpty(str2) || Objects.isNull(userType)) {
            log.error("Invalid lookup, mandatory fields are absent");
            throw new UserNotFoundException(build);
        }
        List<User> findAll = this.userRepository.findAll(build);
        if (findAll.isEmpty()) {
            throw new CustomException("UserNotFoundException", "Incorrect username or password");
        }
        if (findAll.size() > 1) {
            throw new DuplicateUserNameException(build);
        }
        return findAll.get(0);
    }

    public User getUniqueUserPasswordReset(String str) {
        UserType userType = UserType.OTHER;
        UserSearchCriteria build = UserSearchCriteria.builder().userName(str).tenantId("in.amplify").type(userType).build();
        if (StringUtils.isEmpty(str) || StringUtils.isEmpty("in.amplify") || Objects.isNull(userType)) {
            log.error("Invalid lookup, mandatory fields are absent");
            throw new UserNotFoundException(build);
        }
        List<User> findAll = this.userRepository.findAll(build);
        if (findAll.isEmpty()) {
            throw new CustomException("UserNotFoundForPasswordResetException", "User not found for password reset");
        }
        if (findAll.size() > 1) {
            throw new CustomException("UserNotFoundForPasswordResetException", "User not found for password reset");
        }
        return findAll.get(0);
    }

    public User getRegisterUser(String str, String str2, UserType userType) {
        UserSearchCriteria build = UserSearchCriteria.builder().userName(str).tenantId(getStateLevelTenantForCitizen(str2, userType)).type(userType).build();
        if (StringUtils.isEmpty(str) || StringUtils.isEmpty(str2) || Objects.isNull(userType)) {
            log.error("Invalid lookup, mandatory fields are absent");
            throw new UserNotFoundException(build);
        }
        List<User> findAllRegister = this.userRepository.findAllRegister(build);
        if (findAllRegister.isEmpty()) {
            throw new CustomException("UserNotFoundException", "Incorrect username or password");
        }
        if (findAllRegister.size() > 1) {
            throw new DuplicateUserNameException(build);
        }
        return findAllRegister.get(0);
    }

    public Long getCount() {
        return this.userRepository.getCount();
    }

    public User getUserByUuid(String str) {
        UserSearchCriteria build = UserSearchCriteria.builder().uuid(Collections.singletonList(str)).build();
        if (StringUtils.isEmpty(str)) {
            log.error("UUID is mandatory");
            throw new UserNotFoundException(build);
        }
        List<User> findAll = this.userRepository.findAll(build);
        if (findAll.isEmpty()) {
            throw new UserNotFoundException(build);
        }
        return findAll.get(0);
    }

    public List<User> searchUsers(UserSearchCriteria userSearchCriteria, boolean z) {
        userSearchCriteria.validate(z);
        userSearchCriteria.setTenantId(getStateLevelTenantForCitizen(userSearchCriteria.getTenantId(), userSearchCriteria.getType()));
        return this.userRepository.findAll(userSearchCriteria);
    }

    public User createUser(User user) {
        user.setUuid(UUID.randomUUID().toString());
        user.validateNewUser();
        validateUserUniqueness(user);
        validateUserRegisterUniqueness(user);
        user.validatePassword();
        if (StringUtils.isEmpty(user.getPassword())) {
            user.setPassword(UUID.randomUUID().toString());
        }
        user.setPassword(encryptPwd(user.getPassword()));
        user.setDefaultPasswordExpiry(this.defaultPasswordExpiryInDays);
        user.setTenantId(getStateLevelTenantForCitizen(user.getTenantId(), user.getType()));
        return persistNewUser(user);
    }

    public ResponseEntity<ResponseInfoWrapper> createUserFeedback(UserFeedbackRequest userFeedbackRequest) {
        UserFeedback userFeedback = (UserFeedback) this.objectMapper.convertValue(userFeedbackRequest.getUserFeedback(), UserFeedback.class);
        userFeedback.setFname(userFeedbackRequest.getUserFeedback().getFname());
        userFeedback.setLname(userFeedbackRequest.getUserFeedback().getLname());
        userFeedback.setEmail(userFeedbackRequest.getUserFeedback().getEmail());
        userFeedback.setSubject(userFeedbackRequest.getUserFeedback().getSubject());
        userFeedback.setFeedback(userFeedbackRequest.getUserFeedback().getFeedback());
        userFeedback.setCategory(userFeedbackRequest.getUserFeedback().getCategory());
        persistNewUserFeedback(userFeedback);
        this.emailService.sendFeedbackMail(userFeedback);
        return new ResponseEntity<>(ResponseInfoWrapper.builder().responseInfo(ResponseInfo.builder().status("Success").build()).responseBody(userFeedback).build(), HttpStatus.CREATED);
    }

    private void validateUserUniqueness(User user) {
        System.out.println("User Detail - Username : " + user.getUsername() + " Tenant Id - " + user.getTenantId() + "User type - " + user.getType());
        if (this.userRepository.isUserPresent(user.getUsername())) {
            throw new DuplicateUserNameException(UserSearchCriteria.builder().userName(user.getUsername()).type(user.getType()).tenantId(user.getTenantId()).build());
        }
    }

    private void validateUserRegisterUniqueness(User user) {
        System.out.println("User Detail - Username : " + user.getUsername() + " Tenant Id - " + user.getTenantId() + "User type - " + user.getType());
        this.userRepository.isRegisterUserPresent(user.getUsername());
    }

    private String getStateLevelTenantForCitizen(String str, UserType userType) {
        return (Objects.isNull(userType) || !userType.equals(UserType.OTHER) || StringUtils.isEmpty(str) || !str.contains(".")) ? str : str.split("\\.")[0];
    }

    public User createCitizen(User user) {
        validateAndEnrichCitizen(user);
        return createUser(user);
    }

    private void validateAndEnrichCitizen(User user) {
        log.info("Validating User........");
        if (this.isCitizenLoginOtpBased && !StringUtils.isNumeric(user.getUsername())) {
            throw new UserNameNotValidException();
        }
        if (this.isCitizenLoginOtpBased) {
            user.setMobileNumber(user.getUsername());
        }
        user.setRoleToCitizen();
        user.setTenantId(getStateLevelTenantForCitizen(user.getTenantId(), user.getType()));
    }

    public Object registerWithLogin(User user) {
        user.setActive(true);
        createCitizen(user);
        return getAccess(user, user.getOtpReference());
    }

    private Object getAccess(User user, String str) {
        log.info("Fetch access token for register with login flow");
        try {
            HttpHeaders httpHeaders = new HttpHeaders();
            httpHeaders.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
            httpHeaders.set("Authorization", "Basic ZWdvdi11c2VyLWNsaWVudDplZ292LXVzZXItc2VjcmV0");
            LinkedMultiValueMap linkedMultiValueMap = new LinkedMultiValueMap();
            linkedMultiValueMap.add("username", user.getUsername());
            if (StringUtils.isEmpty(str)) {
                linkedMultiValueMap.add("password", user.getPassword());
            } else {
                linkedMultiValueMap.add("password", str);
            }
            linkedMultiValueMap.add("grant_type", "password");
            linkedMultiValueMap.add("scope", "read");
            linkedMultiValueMap.add("tenantId", user.getTenantId());
            linkedMultiValueMap.add("isInternal", "true");
            linkedMultiValueMap.add("userType", UserType.OTHER.name());
            return this.restTemplate.postForEntity(this.userHost + "/user/oauth/token", new HttpEntity(linkedMultiValueMap, httpHeaders), Map.class, new Object[0]).getBody();
        } catch (Exception e) {
            log.error("Error occurred while logging-in via register flow", (Throwable) e);
            throw e;
        }
    }

    private void conditionallyValidateOtp(User user) {
        if (user.isOtpValidationMandatory() && !validateOtp(user).booleanValue()) {
            throw new OtpValidationPendingException();
        }
    }

    public Boolean validateOtp(User user) {
        return Boolean.valueOf(this.otpRepository.validateOtp(OtpValidateRequest.builder().requestInfo(RequestInfo.builder().action("validate").ts(new Date()).build()).otp(Otp.builder().otp(user.getOtpReference()).identity(user.getMobileNumber()).tenantId(user.getTenantId()).userType(user.getType()).build()).build()));
    }

    public User updateWithoutOtpValidation(User user) {
        User userByUuid = getUserByUuid(user.getUuid());
        user.setTenantId("in.amplify");
        user.validateUserModification();
        user.setPassword(encryptPwd(user.getPassword()));
        this.userRepository.update(user, userByUuid);
        if (user.getAccountLocked() != null && !user.getAccountLocked().booleanValue() && userByUuid.getAccountLocked().booleanValue()) {
            resetFailedLoginAttempts(user);
        }
        return getUserByUuid(user.getUuid());
    }

    public void removeTokensByUser(User user) {
        for (OAuth2AccessToken oAuth2AccessToken : this.tokenStore.findTokensByClientIdAndUserName(UserServiceConstants.USER_CLIENT_ID, user.getUsername())) {
            if (oAuth2AccessToken.getAdditionalInformation() != null && oAuth2AccessToken.getAdditionalInformation().containsKey("UserRequest") && (oAuth2AccessToken.getAdditionalInformation().get("UserRequest") instanceof org.egov.user.web.contract.auth.User)) {
                org.egov.user.web.contract.auth.User user2 = (org.egov.user.web.contract.auth.User) oAuth2AccessToken.getAdditionalInformation().get("UserRequest");
                if (user.getUsername().equalsIgnoreCase(user2.getUserName()) && user.getTenantId().equalsIgnoreCase(user2.getTenantId()) && user.getType().equals(UserType.fromValue(user2.getType()))) {
                    this.tokenStore.removeAccessToken(oAuth2AccessToken);
                }
            }
        }
    }

    private void validateUserRoles(User user) {
        if (user.getRoles() == null || (user.getRoles() != null && user.getRoles().isEmpty())) {
            throw new AtleastOneRoleCodeException();
        }
    }

    public User partialUpdate(User user) {
        User userByUuid = getUserByUuid(user.getUuid());
        validateProfileUpdateIsDoneByTheSameLoggedInUser(user);
        user.nullifySensitiveFields();
        this.userRepository.update(user, userByUuid);
        return getUserByUuid(user.getUuid());
    }

    public void updatePasswordForLoggedInUser(LoggedInUserUpdatePasswordRequest loggedInUserUpdatePasswordRequest) {
        loggedInUserUpdatePasswordRequest.validate();
        User uniqueUser = getUniqueUser(loggedInUserUpdatePasswordRequest.getUserName(), loggedInUserUpdatePasswordRequest.getTenantId(), loggedInUserUpdatePasswordRequest.getType());
        if (uniqueUser.getType().toString().equals(UserType.CITIZEN.toString()) && this.isCitizenLoginOtpBased) {
            throw new InvalidUpdatePasswordRequestException();
        }
        if (uniqueUser.getType().toString().equals(UserType.EMPLOYEE.toString()) && this.isEmployeeLoginOtpBased) {
            throw new InvalidUpdatePasswordRequestException();
        }
        validateExistingPassword(uniqueUser, loggedInUserUpdatePasswordRequest.getExistingPassword());
        uniqueUser.updatePassword(encryptPwd(loggedInUserUpdatePasswordRequest.getNewPassword()));
        this.userRepository.update(uniqueUser, uniqueUser);
    }

    public void updatePasswordForNonLoggedInUser(NonLoggedInUserUpdatePasswordRequest nonLoggedInUserUpdatePasswordRequest) {
        nonLoggedInUserUpdatePasswordRequest.validate();
        User uniqueUser = getUniqueUser(nonLoggedInUserUpdatePasswordRequest.getUserName(), nonLoggedInUserUpdatePasswordRequest.getTenantId(), nonLoggedInUserUpdatePasswordRequest.getType());
        if (uniqueUser.getType().toString().equals(UserType.CITIZEN.toString()) && this.isCitizenLoginOtpBased) {
            log.info("CITIZEN forgot password flow is disabled");
            throw new InvalidUpdatePasswordRequestException();
        }
        if (uniqueUser.getType().toString().equals(UserType.EMPLOYEE.toString()) && this.isEmployeeLoginOtpBased) {
            log.info("EMPLOYEE forgot password flow is disabled");
            throw new InvalidUpdatePasswordRequestException();
        }
        if (uniqueUser.getType().toString().equals(UserType.OTHER.toString()) && this.isEmployeeLoginOtpBased) {
            log.info("OTHER forgot password flow is disabled");
            throw new InvalidUpdatePasswordRequestException();
        }
        uniqueUser.setOtpReference(nonLoggedInUserUpdatePasswordRequest.getOtpReference());
        if (!validateUserOtp(uniqueUser)) {
            throw new InvalidOtpException("Incorrect OTP! Please enter a valid OTP.");
        }
        uniqueUser.updatePassword(encryptPwd(nonLoggedInUserUpdatePasswordRequest.getNewPassword()));
        this.userRepository.updatePasswordUser(uniqueUser);
    }

    public void validateUserRegiser(ValidateUserRegister validateUserRegister) {
        validateUserRegister.validate();
        User registerUser = getRegisterUser(validateUserRegister.getUserName(), validateUserRegister.getTenantId(), validateUserRegister.getType());
        if (registerUser.getType().toString().equals(UserType.CITIZEN.toString()) && this.isCitizenLoginOtpBased) {
            log.info("CITIZEN forgot password flow is disabled");
            throw new InvalidUpdatePasswordRequestException();
        }
        if (registerUser.getType().toString().equals(UserType.EMPLOYEE.toString()) && this.isEmployeeLoginOtpBased) {
            log.info("EMPLOYEE forgot password flow is disabled");
            throw new InvalidUpdatePasswordRequestException();
        }
        if (registerUser.getType().toString().equals(UserType.OTHER.toString()) && this.isEmployeeLoginOtpBased) {
            log.info("OTHER forgot password flow is disabled");
            throw new InvalidUpdatePasswordRequestException();
        }
        registerUser.setOtpReference(validateUserRegister.getOtpReference());
        if (!validateUserOtp(registerUser)) {
            throw new InvalidOtpException("Incorrect OTP! Please enter a valid OTP.");
        }
        registerUser.setActive(true);
        registerUser.setTenantId("in.amplify");
        this.userRepository.updateRegisterUser(registerUser);
    }

    private boolean validateUserOtp(User user) {
        return user.getOtpReference().equals(user.getOtprequest());
    }

    public void resetFailedLoginAttempts(User user) {
        if (user.getUuid() != null) {
            this.userRepository.resetFailedLoginAttemptsForUser(user.getUuid());
        }
    }

    public boolean isAccountUnlockAble(User user) {
        if (!user.getAccountLocked().booleanValue()) {
            return true;
        }
        boolean z = System.currentTimeMillis() - user.getAccountLockedDate().longValue() > TimeUnit.MINUTES.toMillis(this.accountUnlockCoolDownPeriod.longValue());
        log.info("Account eligible for unlock - " + z);
        log.info("Current time {}, last lock time {} , cool down period {} ", Long.valueOf(System.currentTimeMillis()), user.getAccountLockedDate(), Long.valueOf(TimeUnit.MINUTES.toMillis(this.accountUnlockCoolDownPeriod.longValue())));
        return z;
    }

    public void handleFailedLogin(User user, String str) {
        if (Objects.isNull(user.getUuid())) {
            return;
        }
        if (this.userRepository.fetchFailedAttemptsByUserAndTime(user.getUuid(), System.currentTimeMillis() - TimeUnit.MINUTES.toMillis(this.maxInvalidLoginAttemptsPeriod.longValue())).size() + 1 < this.maxInvalidLoginAttempts.longValue()) {
            this.userRepository.insertFailedLoginAttempt(new FailedLoginAttempt(user.getUuid(), str, System.currentTimeMillis(), true));
            return;
        }
        User updateWithoutOtpValidation = updateWithoutOtpValidation(user.toBuilder().accountLocked(true).password(null).accountLockedDate(Long.valueOf(System.currentTimeMillis())).build());
        removeTokensByUser(updateWithoutOtpValidation);
        log.info("Locked account with uuid {} for {} minutes as exceeded max allowed attempts of {} within {} minutes", updateWithoutOtpValidation.getUuid(), this.accountUnlockCoolDownPeriod, this.maxInvalidLoginAttempts, this.maxInvalidLoginAttemptsPeriod);
        throw new OAuth2Exception("Account locked");
    }

    private void validateExistingPassword(User user, String str) {
        if (!this.passwordEncoder.matches(str, user.getPassword())) {
            throw new CustomException("PasswordMismatchException", "Incorrect current password");
        }
    }

    private void validateProfileUpdateIsDoneByTheSameLoggedInUser(User user) {
        if (user.isLoggedInUserDifferentFromUpdatedUser()) {
            throw new UserProfileUpdateDeniedException();
        }
    }

    String encryptPwd(String str) {
        if (Objects.isNull(str)) {
            return null;
        }
        return this.passwordEncoder.encode(str);
    }

    private User persistNewUser(User user) {
        return this.userRepository.create(user);
    }

    private UserFeedback persistNewUserFeedback(UserFeedback userFeedback) {
        System.out.println("User Feedback Data : " + userFeedback.toString());
        return this.userFeedbackRepository.create(userFeedback);
    }
}
