package com.atlassian.jira.rest.v2.issue;

import com.atlassian.annotations.ExperimentalApi;
import com.atlassian.crowd.embedded.impl.ImmutableUser;
import com.atlassian.crowd.exception.InvalidCredentialException;
import com.atlassian.crowd.exception.OperationNotPermittedException;
import com.atlassian.crowd.exception.UserNotFoundException;
import com.atlassian.event.api.EventPublisher;
import com.atlassian.jira.application.ApplicationRoleManager;
import com.atlassian.jira.avatar.AvatarService;
import com.atlassian.jira.avatar.JiraAvatarSupport;
import com.atlassian.jira.bc.security.login.LoginReason;
import com.atlassian.jira.bc.security.login.LoginResult;
import com.atlassian.jira.bc.security.login.LoginService;
import com.atlassian.jira.event.user.UserProfileUpdatedEvent;
import com.atlassian.jira.exception.PermissionException;
import com.atlassian.jira.issue.fields.rest.json.beans.JiraBaseUrls;
import com.atlassian.jira.plugin.user.PasswordPolicyManager;
import com.atlassian.jira.rest.api.http.CacheControl;
import com.atlassian.jira.rest.api.util.ErrorCollection;
import com.atlassian.jira.rest.exception.BadRequestWebException;
import com.atlassian.jira.rest.exception.ForbiddenWebException;
import com.atlassian.jira.rest.exception.NotAuthorisedWebException;
import com.atlassian.jira.rest.exception.NotFoundWebException;
import com.atlassian.jira.rest.exception.ServerErrorWebException;
import com.atlassian.jira.rest.v2.admin.applicationrole.ApplicationRoleBeanConverter;
import com.atlassian.jira.security.JiraAuthenticationContext;
import com.atlassian.jira.timezone.TimeZoneManager;
import com.atlassian.jira.user.ApplicationUser;
import com.atlassian.jira.user.DelegatingApplicationUser;
import com.atlassian.jira.user.util.UserManager;
import com.atlassian.jira.user.util.UserUtil;
import com.atlassian.jira.util.EmailFormatter;
import com.atlassian.jira.util.I18nHelper;
import com.google.common.collect.ImmutableList;
import com.opensymphony.util.TextUtils;
import java.util.Collection;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Response;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

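/**
 * REST resource bound to the {@code myself} path. It lets the user of the current
 * authentication context read their own profile, update their own e-mail address and
 * display name, and change their own password.
 *
 * <p>Both write operations re-authenticate the caller with the supplied current password
 * before anything is changed, so a valid session alone is not enough to alter the account.
 * Every response built here is sent with {@code CacheControl.never()}.
 */
@Path("myself")
@Consumes({"application/json"})
@Produces({"application/json"})
@ExperimentalApi
/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/jira-rest-plugin-7.0.0-QR20150729161340.jar:com/atlassian/jira/rest/v2/issue/CurrentUserResource.class */
public class CurrentUserResource {
    /** Upper bound, in characters, accepted for the display name and the e-mail address. */
    private static final int MAX_LENGTH = 255;
    private static final Logger log = LoggerFactory.getLogger(CurrentUserResource.class);
    private final UserUtil userUtil;
    private final UserManager userManager;
    private final PasswordPolicyManager passwordPolicyManager;
    private final EventPublisher eventPublisher;
    private final I18nHelper i18n;
    private final EmailFormatter emailFormatter;
    private final JiraAuthenticationContext authContext;
    private final TimeZoneManager timeZoneManager;
    private final AvatarService avatarService;
    private final JiraBaseUrls jiraBaseUrls;
    private final LoginService loginService;
    private final I18nHelper.BeanFactory beanFactory;
    private final JiraAvatarSupport jiraAvatarSupport;
    private final ApplicationRoleManager applicationRoleManager;
    private final ApplicationRoleBeanConverter applicationRoleBeanConverter;

    /**
     * Stores the injected collaborators; no other work is done here.
     */
    public CurrentUserResource(UserUtil userUtil, UserManager userManager, PasswordPolicyManager passwordPolicyManager, EventPublisher eventPublisher, I18nHelper i18nHelper, EmailFormatter emailFormatter, JiraAuthenticationContext jiraAuthenticationContext, TimeZoneManager timeZoneManager, AvatarService avatarService, JiraBaseUrls jiraBaseUrls, LoginService loginService, I18nHelper.BeanFactory beanFactory, JiraAvatarSupport jiraAvatarSupport, ApplicationRoleBeanConverter applicationRoleBeanConverter, ApplicationRoleManager applicationRoleManager) {
        this.userManager = userManager;
        this.passwordPolicyManager = passwordPolicyManager;
        this.eventPublisher = eventPublisher;
        this.jiraBaseUrls = jiraBaseUrls;
        this.userUtil = userUtil;
        this.i18n = i18nHelper;
        this.emailFormatter = emailFormatter;
        this.authContext = jiraAuthenticationContext;
        this.timeZoneManager = timeZoneManager;
        this.avatarService = avatarService;
        this.beanFactory = beanFactory;
        this.loginService = loginService;
        this.jiraAvatarSupport = jiraAvatarSupport;
        this.applicationRoleManager = applicationRoleManager;
        this.applicationRoleBeanConverter = applicationRoleBeanConverter;
    }

    /**
     * Returns the profile of the currently logged-in user.
     *
     * @return a 200 response carrying the full user bean
     * @throws NotAuthorisedWebException if the authentication context holds no user
     */
    @GET
    public Response getUser() {
        return createUserResponse(requireLoggedInUser());
    }

    /**
     * Updates the e-mail address and/or display name of the currently logged-in user.
     * The request must carry the user's current password, which is verified before the
     * update is applied.
     *
     * @param userWriteBean requested changes plus the current password
     * @return a 200 response carrying the user bean re-read after the update
     * @throws NotAuthorisedWebException if nobody is logged in or authentication is denied
     * @throws BadRequestWebException if the body is missing or fails validation, or the
     *         password does not authenticate the user
     * @throws ForbiddenWebException if the user manager reports the user cannot be updated
     * @throws NotFoundWebException if the user cannot be re-read after the update
     * @throws ServerErrorWebException if the authentication outcome cannot be determined
     */
    @PUT
    public Response updateUser(UserWriteBean userWriteBean) {
        final ApplicationUser user = requireLoggedInUser();
        // A request without a body is handled like one without a password: 400 instead
        // of a NullPointerException surfacing as a 500.
        final String password = userWriteBean == null ? null : userWriteBean.getPassword();
        if (StringUtils.isBlank(password)) {
            throw new BadRequestWebException(ErrorCollection.of(this.i18n.getText("rest.myself.error.password.cannot.be.empty")));
        }
        final String requestedEmail = userWriteBean.getEmailAddress();
        final String requestedDisplayName = userWriteBean.getDisplayName();
        if (StringUtils.isBlank(requestedEmail) && StringUtils.isBlank(requestedDisplayName)) {
            throw new BadRequestWebException(ErrorCollection.of(this.i18n.getText("rest.myself.error.no.value.found.to.be.changed")));
        }
        if (StringUtils.length(requestedDisplayName) > MAX_LENGTH) {
            throw new BadRequestWebException(ErrorCollection.of(this.i18n.getText("rest.myself.error.field.too.long", "displayName", Integer.toString(MAX_LENGTH))));
        }
        if (StringUtils.length(requestedEmail) > MAX_LENGTH) {
            throw new BadRequestWebException(ErrorCollection.of(this.i18n.getText("rest.myself.error.field.too.long", "emailAddress", Integer.toString(MAX_LENGTH))));
        }
        if (StringUtils.isNotBlank(requestedEmail) && !TextUtils.verifyEmail(requestedEmail)) {
            throw new BadRequestWebException(ErrorCollection.of(this.i18n.getText("admin.errors.invalid.email")));
        }
        if (!this.userManager.canUpdateUser(user)) {
            throw new ForbiddenWebException(ErrorCollection.of(this.i18n.getText("admin.errors.cannot.edit.user.directory.read.only")));
        }
        // Re-authenticate with the supplied password before touching the account.
        checkAuthentication(user, password);
        // Fields left blank in the request keep their current value.
        final ImmutableUser.Builder newUser = ImmutableUser.newUser(user.getDirectoryUser());
        newUser.emailAddress(StringUtils.defaultIfBlank(requestedEmail, user.getEmailAddress()));
        newUser.displayName(StringUtils.defaultIfBlank(requestedDisplayName, user.getDisplayName()));
        this.userManager.updateUser(new DelegatingApplicationUser(user.getId(), user.getKey(), newUser.toUser()));
        // Re-read the user so the event and the response carry the stored state.
        final String key = user.getKey();
        final ApplicationUser userByKey = this.userUtil.getUserByKey(key);
        if (userByKey == null) {
            throw new NotFoundWebException(ErrorCollection.of(this.i18n.getText("rest.user.error.not.found.with.key", key)));
        }
        this.eventPublisher.publish(new UserProfileUpdatedEvent(userByKey, userByKey));
        return createUserResponse(userByKey);
    }

    /**
     * Returns the user of the current authentication context.
     *
     * @throws NotAuthorisedWebException if the context holds no user
     */
    private ApplicationUser requireLoggedInUser() {
        final ApplicationUser user = this.authContext.getUser();
        if (user == null) {
            throw new NotAuthorisedWebException(ErrorCollection.of(this.i18n.getText("rest.authentication.no.user.logged.in")));
        }
        return user;
    }

    /**
     * Verifies that {@code str} authenticates {@code applicationUser} and returns normally
     * only when the login service reports {@code OK}.
     *
     * @throws NotAuthorisedWebException if authentication was denied
     * @throws BadRequestWebException if authentication or authorisation failed
     * @throws ServerErrorWebException if the login service reports any other reason
     */
    private void checkAuthentication(ApplicationUser applicationUser, String str) {
        final LoginReason reason = getLoginResultReason(applicationUser, str);
        switch (reason) {
            case OK:
                return;
            case AUTHENTICATION_DENIED:
                throw new NotAuthorisedWebException(ErrorCollection.of(this.i18n.getText("changepassword.elevated.authorisation.required")));
            case AUTHORISATION_FAILED:
            case AUTHENTICATED_FAILED:
                throw new BadRequestWebException(ErrorCollection.of(this.i18n.getText("changepassword.could.not.find.user")));
            default:
                // Fail closed: only an explicit OK may let a profile or password change
                // proceed. A reason this switch does not know must not count as success.
                log.debug("An error occurred while authenticating user {}: Unexpected login reason {}.", applicationUser.getName(), reason);
                throw new ServerErrorWebException(ErrorCollection.of(this.i18n.getText("rest.error.internal")));
        }
    }

    /**
     * Asks the login service to authenticate the user and returns the reason it reports.
     *
     * @return the non-null reason of the login result
     * @throws ServerErrorWebException if the login service throws, returns no result, or
     *         returns a result without a reason
     */
    private LoginReason getLoginResultReason(ApplicationUser applicationUser, String str) {
        final LoginResult authenticate;
        try {
            authenticate = this.loginService.authenticate(applicationUser, str);
        } catch (Exception e) {
            // Only the service call sits in the try block, so the errors raised below are
            // not caught and logged a second time. The throwable is passed to the logger
            // so the stack trace is kept; the client only sees a generic internal error.
            log.debug("An error occurred while authenticating user {}: {}", applicationUser.getName(), e.getMessage(), e);
            throw new ServerErrorWebException(ErrorCollection.of(this.i18n.getText("rest.error.internal")));
        }
        if (authenticate == null) {
            log.debug("An error occurred while authenticating user {}: Could not authenticate user.", applicationUser.getName());
            throw new ServerErrorWebException(ErrorCollection.of(this.i18n.getText("rest.error.internal")));
        }
        final LoginReason reason = authenticate.getReason();
        if (reason == null) {
            log.debug("An error occurred while authenticating user {}: Missing authorisation operation reason.", applicationUser.getName());
            throw new ServerErrorWebException(ErrorCollection.of(this.i18n.getText("rest.error.internal")));
        }
        return reason;
    }

    /**
     * Changes the password of the currently logged-in user after verifying the current one.
     *
     * @param passwordBean the new password and the current password
     * @return an empty 204 response that must not be cached
     * @throws NotAuthorisedWebException if nobody is logged in or authentication is denied
     * @throws BadRequestWebException if the body or new password is missing, the new
     *         password is rejected, or the current password does not authenticate the user
     * @throws ForbiddenWebException if the password change is not permitted
     * @throws ServerErrorWebException if the authentication outcome cannot be determined
     */
    @Path("password")
    @PUT
    public Response changeMyPassword(PasswordBean passwordBean) {
        final ApplicationUser user = requireLoggedInUser();
        // A request without a body is handled like one without a new password: 400
        // instead of a NullPointerException surfacing as a 500.
        if (passwordBean == null) {
            throw new BadRequestWebException(ErrorCollection.of(this.i18n.getText("changepassword.new.password.required")));
        }
        final String password = passwordBean.getPassword();
        final String currentPassword = passwordBean.getCurrentPassword();
        if (StringUtils.isBlank(password)) {
            throw new BadRequestWebException(ErrorCollection.of(this.i18n.getText("changepassword.new.password.required")));
        }
        // The policy check runs before re-authentication, so a policy rejection is
        // reported without currentPassword having been verified.
        if (!this.passwordPolicyManager.checkPolicy(user, currentPassword, password).isEmpty()) {
            throw new BadRequestWebException(ErrorCollection.of(this.i18n.getText("changepassword.new.password.rejected")));
        }
        checkAuthentication(user, currentPassword);
        try {
            this.userUtil.changePassword(user, password);
            return Response.noContent().cacheControl(CacheControl.never()).build();
        } catch (InvalidCredentialException e) {
            throw new BadRequestWebException(ErrorCollection.of(this.i18n.getText("changepassword.new.password.rejected")));
        } catch (OperationNotPermittedException | PermissionException e) {
            throw new ForbiddenWebException(ErrorCollection.of(this.i18n.getText("admin.errors.cannot.edit.user.directory.read.only")));
        } catch (UserNotFoundException e) {
            throw new BadRequestWebException(ErrorCollection.of(this.i18n.getText("changepassword.could.not.find.user")));
        }
    }

    /**
     * Builds the 200 response for {@code applicationUser}: the full user bean with groups,
     * time zone, avatar data and (when roles are enabled) application roles, never cached.
     */
    private Response createUserResponse(ApplicationUser applicationUser) {
        return Response.ok(
                new UserBeanBuilder(this.jiraBaseUrls, this.jiraAvatarSupport)
                        .user(applicationUser)
                        .groups(ImmutableList.copyOf((Collection) this.userUtil.getGroupNamesForUser(applicationUser.getUsername())))
                        .loggedInUser(applicationUser)
                        .emailFormatter(this.emailFormatter)
                        .timeZone(this.timeZoneManager.getTimeZoneforUser(applicationUser))
                        .avatarService(this.avatarService)
                        .i18nBeanFactory(this.beanFactory)
                        // Roles are passed as null when application roles are disabled.
                        .applicationRoles(this.applicationRoleManager.rolesEnabled() ? this.applicationRoleManager.getRolesForUser(applicationUser) : null)
                        .buildFull(this.applicationRoleBeanConverter))
                .cacheControl(CacheControl.never())
                .build();
    }
}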
