package com.e2eq.framework.rest.resources;

import com.e2eq.framework.model.persistent.morphia.CredentialRepo;
import com.e2eq.framework.model.persistent.security.CredentialUserIdPassword;
import com.e2eq.framework.rest.models.ChangePasswordRequest;
import com.e2eq.framework.rest.models.FileUpload;
import com.e2eq.framework.rest.models.RestError;
import com.e2eq.framework.util.EncryptionUtils;
import jakarta.annotation.security.RolesAllowed;
import jakarta.ws.rs.BeanParam;
import jakarta.ws.rs.Consumes;
import jakarta.ws.rs.DefaultValue;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.QueryParam;
import jakarta.ws.rs.core.Context;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.core.SecurityContext;
import jakarta.ws.rs.core.UriInfo;
import java.util.List;
import org.eclipse.microprofile.openapi.annotations.parameters.Parameter;
import org.eclipse.microprofile.openapi.annotations.tags.Tag;

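/**
 * REST resource for user credentials, mounted at {@code /user/credentials}.
 *
 * <p>Every endpoint requires the {@code user} or {@code admin} role; the CSV import is
 * narrowed to {@code admin} only. This source appears to be decompiler output, so
 * generated parameter names such as {@code str} and {@code z} are kept as found.
 */
@RolesAllowed({"user", "admin"})
@Tag(name = "user", description = "Operations related to managing users")
@Path("/user/credentials")
/* loaded from: input_file:com/e2eq/framework/rest/resources/CredentialsResource.class */
public class CredentialsResource extends BaseResource<CredentialUserIdPassword, CredentialRepo> {
    CredentialsResource(CredentialRepo credentialRepo) {
        super(credentialRepo);
    }

    /**
     * Bulk-imports credentials from an uploaded CSV file by delegating to the base resource.
     *
     * <p>The override exists only to tighten authorization: the class-level annotation admits
     * {@code user}, while this endpoint is restricted to {@code admin}.
     *
     * @param uriInfo    request URI information
     * @param fileUpload the uploaded CSV file
     * @param str        field separator ({@code fieldSeparator}, default {@code ,})
     * @param str2       quoting strategy ({@code quotingStrategy})
     * @param str3       quote character ({@code quoteChar})
     * @param z          whether to skip the header row ({@code skipHeaderRow})
     * @param str4       charset encoding of the file ({@code charsetEncoding})
     * @param list       column names expected in the file ({@code requestedColumns})
     * @return the response produced by the base implementation
     */
    @Override // com.e2eq.framework.rest.resources.BaseResource
    @RolesAllowed({"admin"})
    public Response importCSVList(
            @Context UriInfo uriInfo,
            @BeanParam FileUpload fileUpload,
            @Parameter(description = "The character that must be used to separate fields of the same record") @QueryParam("fieldSeparator") @DefaultValue(",") String str,
            @Parameter(description = "The choice of strategy for quoting columns. One of \"QUOTE_WHERE_ESSENTIAL\" or \"QUOTE_ALL_COLUMNS\"") @QueryParam("quotingStrategy") @DefaultValue("QUOTE_WHERE_ESSENTIAL") String str2,
            @Parameter(description = "The character that is used to surround the values of specific (or all) fields") @QueryParam("quoteChar") @DefaultValue("\"") String str3,
            @Parameter(description = "Whether to skip the header row in the CSV file") @QueryParam("skipHeaderRow") @DefaultValue("true") boolean z,
            @Parameter(description = "The charset encoding to use for the file") @QueryParam("charsetEncoding") @DefaultValue("UTF-8-without-BOM") String str4,
            @Parameter(description = "A non-empty list of the names of the columns expected in the CSV file that map to the model fields") @QueryParam("requestedColumns") List<String> list) {
        return super.importCSVList(uriInfo, fileUpload, str, str2, str3, z, str4, list);
    }

    /**
     * Changes the password stored for {@code changePasswordRequest.getUserId()}.
     *
     * <p>An {@code admin} may change any user's password. A {@code user} may change only the
     * credential whose user id equals the authenticated principal name.
     *
     * <p>NOTE(review): the self-service path does not verify the caller's current password
     * before replacing the hash, so possession of a live session is enough to take over the
     * account. The other fields of {@code ChangePasswordRequest} are not visible here; if it
     * carries the current password, verify it against the stored hash before updating.
     * No password-strength check or audit log entry is visible in this method either.
     *
     * @param securityContext       identity and roles of the caller
     * @param changePasswordRequest target user id, new password and its confirmation
     * @return 200 when the hash was replaced; 400 when the passwords are missing or differ,
     *         or when a non-admin targets another user; 404 when no credential exists
     * @throws RuntimeException if the caller holds neither the {@code admin} nor the
     *                          {@code user} role
     */
    @Produces({"application/json"})
    @POST
    @RolesAllowed({"user", "admin"})
    @Path("changePassword")
    @Consumes({"application/json"})
    public Response changePassword(SecurityContext securityContext, ChangePasswordRequest changePasswordRequest) {
        String newPassword = changePasswordRequest.getNewPassword();
        String confirmPassword = changePasswordRequest.getConfirmPassword();
        // A body without these fields used to fail with a NullPointerException (HTTP 500),
        // and an empty string would have been hashed and stored as the password.
        if (newPassword == null || confirmPassword == null || newPassword.isEmpty()) {
            return Response.status(Response.Status.BAD_REQUEST).entity("New password and confirmation are required password not changed").build();
        }
        if (!confirmPassword.equals(newPassword)) {
            return Response.status(Response.Status.BAD_REQUEST).entity("Passwords do not match password not changed").build();
        }

        String userId = changePasswordRequest.getUserId();
        if (!securityContext.isUserInRole("admin")) {
            if (!securityContext.isUserInRole("user")) {
                throw new RuntimeException("Bad Request: User is neither an admin or a user aborting");
            }
            // Non-admins may only act on their own credential.
            String principalName = securityContext.getUserPrincipal().getName();
            if (!principalName.equals(userId)) {
                // NOTE(review): this is an authorization failure, so 403 would describe it
                // better than 400; the status is kept because clients may depend on it.
                return Response.status(Response.Status.BAD_REQUEST).entity(RestError.builder().status(Response.Status.BAD_REQUEST.getStatusCode()).statusMessage("Bad Request: User not authorized to change password, UserId was not the principal name").reasonMessage("User not authorized to change password, UserId was not the principal name").debugMessage("User not authorized to change password: PrincipalId:" + principalName + " passed userId:" + userId + " not matching").build()).build();
            }
        }

        // Previously "Password changed" was returned even when no credential matched the
        // user id, so a mistyped id looked like a successful reset.
        if (!updatePasswordHash(userId, newPassword)) {
            return Response.status(Response.Status.NOT_FOUND).entity(RestError.builder().status(Response.Status.NOT_FOUND.getStatusCode()).statusMessage("Not Found: No credential found for the given userId, password not changed").reasonMessage("No credential found for the given userId, password not changed").build()).build();
        }
        return Response.status(Response.Status.OK).entity("Password changed").build();
    }

    /**
     * Replaces the stored password hash of the credential identified by {@code userId}.
     *
     * @param userId      user id of the credential to update
     * @param newPassword clear-text password to hash and store
     * @return {@code true} if a credential was found and saved, {@code false} otherwise
     */
    private boolean updatePasswordHash(String userId, String newPassword) {
        // Only ifPresent is known to exist on findByUserId's return type from this file,
        // so the outcome is carried out of the lambda through a one-element holder.
        boolean[] updated = {false};
        ((CredentialRepo) this.repo).findByUserId(userId).ifPresent(credential -> {
            credential.setPasswordHash(EncryptionUtils.hashPassword(newPassword));
            // The decompiled source cast the credential itself to CredentialRepo here,
            // which cannot be right for an entity; the entity is passed to save() as is.
            ((CredentialRepo) this.repo).save(credential);
            updated[0] = true;
        });
        return updated[0];
    }
}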
