package com.atlassian.jira.rest.v2.issue;

import com.atlassian.annotations.ExperimentalApi;
import com.atlassian.crowd.embedded.impl.ImmutableUser;
import com.atlassian.crowd.exception.InvalidCredentialException;
import com.atlassian.crowd.exception.OperationNotPermittedException;
import com.atlassian.crowd.exception.UserNotFoundException;
import com.atlassian.event.api.EventPublisher;
import com.atlassian.jira.avatar.AvatarService;
import com.atlassian.jira.bc.user.UserService;
import com.atlassian.jira.event.user.UserProfileUpdatedEvent;
import com.atlassian.jira.exception.PermissionException;
import com.atlassian.jira.issue.fields.rest.json.beans.JiraBaseUrls;
import com.atlassian.jira.plugin.user.PasswordPolicyManager;
import com.atlassian.jira.rest.api.http.CacheControl;
import com.atlassian.jira.rest.api.util.ErrorCollection;
import com.atlassian.jira.rest.exception.BadRequestWebException;
import com.atlassian.jira.rest.exception.ForbiddenWebException;
import com.atlassian.jira.rest.exception.NotFoundWebException;
import com.atlassian.jira.security.JiraAuthenticationContext;
import com.atlassian.jira.timezone.TimeZoneManager;
import com.atlassian.jira.user.ApplicationUser;
import com.atlassian.jira.user.util.UserManager;
import com.atlassian.jira.user.util.UserUtil;
import com.atlassian.jira.util.EmailFormatter;
import com.atlassian.jira.util.I18nHelper;
import com.google.common.collect.ImmutableList;
import com.opensymphony.util.TextUtils;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Response;
import org.apache.commons.lang3.StringUtils;

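/**
 * REST resource mounted at {@code myself} that lets the authenticated caller read and
 * edit their own profile and set a new password.
 *
 * <p>Every endpoint resolves the target account from {@link JiraAuthenticationContext},
 * never from request data, so a caller can only act on the account the session belongs to.
 * All responses are sent with {@code CacheControl.never()}.
 */
@Path("myself")
@Consumes({"application/json"})
@Produces({"application/json"})
@ExperimentalApi
/* loaded from: input_file:com/atlassian/jira/rest/v2/issue/CurrentUserResource.class */
public class CurrentUserResource {
    /** Upper bound, in characters, accepted for the display name and the e-mail address. */
    private static final int MAX_LENGTH = 255;
    // Injected but not used by any method visible in this class.
    private final UserService userService;
    private final UserUtil userUtil;
    private final UserManager userManager;
    private final PasswordPolicyManager passwordPolicyManager;
    private final EventPublisher eventPublisher;
    private final I18nHelper i18n;
    private final EmailFormatter emailFormatter;
    private final JiraAuthenticationContext authContext;
    private final TimeZoneManager timeZoneManager;
    private final AvatarService avatarService;
    private final JiraBaseUrls jiraBaseUrls;

    /**
     * Stores the injected collaborators; performs no other work.
     */
    public CurrentUserResource(UserService userService, UserUtil userUtil, UserManager userManager, PasswordPolicyManager passwordPolicyManager, EventPublisher eventPublisher, I18nHelper i18nHelper, EmailFormatter emailFormatter, JiraAuthenticationContext jiraAuthenticationContext, TimeZoneManager timeZoneManager, AvatarService avatarService, JiraBaseUrls jiraBaseUrls) {
        this.userService = userService;
        this.userManager = userManager;
        this.passwordPolicyManager = passwordPolicyManager;
        this.eventPublisher = eventPublisher;
        this.jiraBaseUrls = jiraBaseUrls;
        this.userUtil = userUtil;
        this.i18n = i18nHelper;
        this.emailFormatter = emailFormatter;
        this.authContext = jiraAuthenticationContext;
        this.timeZoneManager = timeZoneManager;
        this.avatarService = avatarService;
    }

    /**
     * Returns the full profile of the authenticated caller.
     *
     * @return a 200 response carrying the caller's user bean
     * @throws ForbiddenWebException if the request carries no authenticated user
     */
    @GET
    public Response getUser() {
        return createUserResponse(requireAuthenticatedUser());
    }

    /**
     * Updates the caller's e-mail address and/or display name. A blank field in the
     * request keeps the stored value.
     *
     * @param userWriteBean the requested changes; a missing body is rejected as a bad request
     * @return a 200 response carrying the updated user bean
     * @throws ForbiddenWebException if the request carries no authenticated user
     * @throws BadRequestWebException if nothing is to be changed, a value is longer than
     *     {@link #MAX_LENGTH}, the e-mail format is rejected, or the user's directory
     *     cannot be updated
     * @throws NotFoundWebException if the user cannot be re-read after the update
     */
    @PUT
    public Response updateUser(UserWriteBean userWriteBean) {
        ApplicationUser user = requireAuthenticatedUser();
        // An empty request body deserialises to null; answer 400 rather than failing with a
        // NullPointerException on the first getter.
        if (userWriteBean == null) {
            throw badRequest("error.no.value.found.to.be.changed");
        }
        String requestedEmail = userWriteBean.getEmailAddress();
        String requestedDisplayName = userWriteBean.getDisplayName();
        if (StringUtils.isBlank(requestedEmail) && StringUtils.isBlank(requestedDisplayName)) {
            throw badRequest("error.no.value.found.to.be.changed");
        }
        if (StringUtils.length(requestedDisplayName) > MAX_LENGTH) {
            throw badRequest("error.display.name.too.long");
        }
        if (StringUtils.length(requestedEmail) > MAX_LENGTH) {
            throw badRequest("error.email.address.too.long");
        }
        // Format check only: it says nothing about who controls the address.
        if (StringUtils.isNotBlank(requestedEmail) && !TextUtils.verifyEmail(requestedEmail)) {
            throw badRequest("error.invalid.email.address.format");
        }
        if (!this.userManager.canUpdateUser(user)) {
            throw badRequest("error.cannot.edit.user.directory.read.only");
        }
        // NOTE(review): the e-mail address is replaced without any re-authentication or
        // confirmation step visible in this class. If the address is also the account
        // recovery channel, confirm that such a step is enforced elsewhere.
        ImmutableUser.Builder newUser = ImmutableUser.newUser(user.getDirectoryUser());
        newUser.emailAddress(StringUtils.defaultIfBlank(requestedEmail, user.getEmailAddress()));
        newUser.displayName(StringUtils.defaultIfBlank(requestedDisplayName, user.getDisplayName()));
        this.userManager.updateUser(newUser.toUser());
        // Re-read by key so the response and the event reflect what was actually stored.
        ApplicationUser userByKey = this.userUtil.getUserByKey(user.getKey());
        if (userByKey == null) {
            throw new NotFoundWebException(ErrorCollection.of(this.i18n.getText("error-no-entity")));
        }
        // The same (updated) directory user is passed for both constructor arguments.
        this.eventPublisher.publish(new UserProfileUpdatedEvent(userByKey.getDirectoryUser(), userByKey.getDirectoryUser()));
        return createUserResponse(userByKey);
    }

    /**
     * Sets a new password for the authenticated caller.
     *
     * <p>NOTE(review): the request is only required to carry the new password. The current
     * password is neither read from the bean nor verified in this method, and {@code null}
     * is passed as the old password to the policy check, so any holder of an authenticated
     * session can replace the password. Confirm that re-authentication is enforced outside
     * this class before relying on this endpoint. This method publishes no event itself;
     * whether {@code userUtil.changePassword} records the change for audit is not visible here.
     *
     * @param passwordBean carries the new password; a missing body is rejected as a bad request
     * @return an empty 204 response on success
     * @throws ForbiddenWebException if the request carries no authenticated user or the
     *     change is refused by the user directory
     * @throws BadRequestWebException if the password is blank or rejected by the password policy
     * @throws NotFoundWebException if the user does not exist in the directory
     */
    @Path("password")
    @PUT
    public Response changeMyPassword(PasswordBean passwordBean) {
        ApplicationUser user = requireAuthenticatedUser();
        // An empty request body deserialises to null; treat it like a blank password (400)
        // rather than failing with a NullPointerException.
        String password = passwordBean == null ? null : passwordBean.getPassword();
        if (StringUtils.isBlank(password)) {
            throw badRequest("error.password.cannot.be.empty");
        }
        // A non-empty result means at least one policy rule was violated. The individual
        // violations are not returned to the caller, only a generic rejection message.
        if (!this.passwordPolicyManager.checkPolicy(user, (String) null, password).isEmpty()) {
            throw badRequest("changepassword.new.password.rejected");
        }
        try {
            this.userUtil.changePassword(user.getDirectoryUser(), password);
            return Response.noContent().cacheControl(CacheControl.never()).build();
        } catch (UserNotFoundException e) {
            throw new NotFoundWebException(ErrorCollection.of(this.i18n.getText("error-no-entity")));
        } catch (InvalidCredentialException | PermissionException | OperationNotPermittedException e) {
            // All refusals map to the same generic message so the response does not reveal
            // which check failed. The cause is not attached or logged here.
            throw forbidden();
        }
    }

    /**
     * Builds the 200 response for a user: the full user bean including group names, time
     * zone and avatar data, marked as never cacheable.
     */
    private Response createUserResponse(ApplicationUser applicationUser) {
        UserBeanBuilder builder = new UserBeanBuilder(this.jiraBaseUrls)
                .user(applicationUser)
                .groups(ImmutableList.copyOf(this.userUtil.getGroupNamesForUser(applicationUser.getUsername())))
                .loggedInUser(applicationUser)
                .emailFormatter(this.emailFormatter)
                .timeZone(this.timeZoneManager.getTimeZoneforUser(applicationUser.getDirectoryUser()))
                .avatarService(this.avatarService);
        return Response.ok(builder.buildFull()).cacheControl(CacheControl.never()).build();
    }

    /** Returns the user bound to the current request, or throws 403 when there is none. */
    private ApplicationUser requireAuthenticatedUser() {
        ApplicationUser user = this.authContext.getUser();
        if (user == null) {
            throw forbidden();
        }
        return user;
    }

    /** Creates the generic 403 error used for every refused request. */
    private ForbiddenWebException forbidden() {
        return new ForbiddenWebException(ErrorCollection.of(this.i18n.getText("error.no-permission")));
    }

    /** Creates a 400 error whose message is the translation of the given i18n key. */
    private BadRequestWebException badRequest(String i18nKey) {
        return new BadRequestWebException(ErrorCollection.of(this.i18n.getText(i18nKey)));
    }
}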
