package org.graylog2.users;

import com.google.common.base.MoreObjects;
import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import com.google.common.collect.Collections2;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Lists;
import com.google.inject.assistedinject.Assisted;
import com.google.inject.assistedinject.AssistedInject;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.permission.AllPermission;
import org.bson.types.ObjectId;
import org.graylog.security.permissions.CaseSensitiveWildcardPermission;
import org.graylog2.Configuration;
import org.graylog2.configuration.HttpConfiguration;
import org.graylog2.database.CollectionName;
import org.graylog2.database.ObjectIdStringFunction;
import org.graylog2.database.PersistedImpl;
import org.graylog2.database.StringObjectIdFunction;
import org.graylog2.database.validators.FilledStringValidator;
import org.graylog2.database.validators.LimitedOptionalStringValidator;
import org.graylog2.database.validators.LimitedStringValidator;
import org.graylog2.database.validators.ListValidator;
import org.graylog2.plugin.database.users.User;
import org.graylog2.plugin.database.validators.Validator;
import org.graylog2.plugin.security.PasswordAlgorithm;
import org.graylog2.rest.models.users.requests.Startpage;
import org.graylog2.security.PasswordAlgorithmFactory;
import org.graylog2.shared.security.Permissions;
import org.joda.time.DateTimeZone;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@CollectionName(UserImpl.COLLECTION_NAME)
/* loaded from: input_file:org/graylog2/users/UserImpl.class */
public class UserImpl extends PersistedImpl implements User {
    public static final String FULL_NAME_FORMAT = "%s %s";
    private final PasswordAlgorithmFactory passwordAlgorithmFactory;
    private final Permissions permissions;
    public static final String COLLECTION_NAME = "users";
    public static final String AUTH_SERVICE_ID = "auth_service_id";
    public static final String AUTH_SERVICE_UID = "auth_service_uid";
    public static final String USERNAME = "username";
    public static final String PASSWORD = "password";
    public static final String EMAIL = "email";
    public static final String FIRST_NAME = "first_name";
    public static final String LAST_NAME = "last_name";
    public static final String FULL_NAME = "full_name";
    public static final String PERMISSIONS = "permissions";
    public static final String PREFERENCES = "preferences";
    public static final String TIMEZONE = "timezone";
    public static final String EXTERNAL_USER = "external_user";
    public static final String SESSION_TIMEOUT = "session_timeout_ms";
    public static final String STARTPAGE = "startpage";
    public static final String ROLES = "roles";
    public static final String ACCOUNT_STATUS = "account_status";
    public static final String SERVICE_ACCOUNT = "service_account";
    public static final int MAX_USERNAME_LENGTH = 100;
    public static final int MAX_EMAIL_LENGTH = 254;
    public static final int MAX_FIRST_LAST_NAME_LENGTH = 100;
    public static final int MAX_FULL_NAME_LENGTH = 200;
    private static final Logger LOG = LoggerFactory.getLogger(UserImpl.class);
    private static final Map<String, Object> DEFAULT_PREFERENCES = new ImmutableMap.Builder().put("updateUnfocussed", false).put("enableSmartSearch", true).build();
    public static final long DEFAULT_SESSION_TIMEOUT_MS = TimeUnit.HOURS.toMillis(8);

    /* loaded from: input_file:org/graylog2/users/UserImpl$Factory.class */
    public interface Factory {
        UserImpl create(Map<String, Object> map);

        UserImpl create(ObjectId objectId, Map<String, Object> map);

        LocalAdminUser createLocalAdminUser(String str);
    }

    /* loaded from: input_file:org/graylog2/users/UserImpl$LocalAdminUser.class */
    public static class LocalAdminUser extends UserImpl {
        public static final String LOCAL_ADMIN_ID = "local:admin";
        private final Configuration configuration;
        private final Set<String> roles;

        @AssistedInject
        LocalAdminUser(PasswordAlgorithmFactory passwordAlgorithmFactory, Configuration configuration, @Assisted String str) {
            super(passwordAlgorithmFactory, null, null, Collections.emptyMap());
            this.configuration = configuration;
            this.roles = ImmutableSet.of(str);
        }

        @Override // org.graylog2.database.PersistedImpl, org.graylog2.plugin.database.Persisted
        public String getId() {
            return LOCAL_ADMIN_ID;
        }

        @Override // org.graylog2.users.UserImpl, org.graylog2.plugin.database.users.User
        public String getFullName() {
            return "Administrator";
        }

        @Override // org.graylog2.users.UserImpl, org.graylog2.plugin.database.users.User
        public String getEmail() {
            return this.configuration.getRootEmail();
        }

        @Override // org.graylog2.users.UserImpl, org.graylog2.plugin.database.users.User
        public String getName() {
            return this.configuration.getRootUsername();
        }

        @Override // org.graylog2.users.UserImpl, org.graylog2.plugin.database.users.User
        public boolean isReadOnly() {
            return true;
        }

        @Override // org.graylog2.users.UserImpl, org.graylog2.plugin.database.users.User
        public boolean isExternalUser() {
            return false;
        }

        @Override // org.graylog2.users.UserImpl, org.graylog2.plugin.database.users.User
        public List<String> getPermissions() {
            return Collections.singletonList("*");
        }

        @Override // org.graylog2.users.UserImpl, org.graylog2.plugin.database.users.User
        public Set<Permission> getObjectPermissions() {
            return Collections.singleton(new AllPermission());
        }

        @Override // org.graylog2.users.UserImpl, org.graylog2.plugin.database.users.User
        public Map<String, Object> getPreferences() {
            return UserImpl.DEFAULT_PREFERENCES;
        }

        @Override // org.graylog2.users.UserImpl, org.graylog2.plugin.database.users.User
        public long getSessionTimeoutMs() {
            return DEFAULT_SESSION_TIMEOUT_MS;
        }

        @Override // org.graylog2.users.UserImpl, org.graylog2.plugin.database.users.User
        public DateTimeZone getTimeZone() {
            return this.configuration.getRootTimeZone();
        }

        @Override // org.graylog2.users.UserImpl, org.graylog2.plugin.database.users.User
        public boolean isLocalAdmin() {
            return true;
        }

        @Override // org.graylog2.users.UserImpl, org.graylog2.plugin.database.users.User
        @Nonnull
        public Set<String> getRoleIds() {
            return this.roles;
        }

        @Override // org.graylog2.users.UserImpl, org.graylog2.plugin.database.users.User
        public void setRoleIds(Set<String> set) {
        }
    }

    @AssistedInject
    public UserImpl(PasswordAlgorithmFactory passwordAlgorithmFactory, Permissions permissions, @Assisted Map<String, Object> map) {
        super(map);
        this.passwordAlgorithmFactory = passwordAlgorithmFactory;
        this.permissions = permissions;
    }

    @AssistedInject
    public UserImpl(PasswordAlgorithmFactory passwordAlgorithmFactory, Permissions permissions, @Assisted ObjectId objectId, @Assisted Map<String, Object> map) {
        super(objectId, map);
        this.passwordAlgorithmFactory = passwordAlgorithmFactory;
        this.permissions = permissions;
    }

    @Override // org.graylog2.plugin.database.users.User
    public boolean isReadOnly() {
        return false;
    }

    @Override // org.graylog2.plugin.database.Persisted
    public Map<String, Validator> getValidations() {
        return ImmutableMap.builder().put("username", new LimitedStringValidator(1, 100)).put("password", new FilledStringValidator()).put("email", new LimitedStringValidator(1, MAX_EMAIL_LENGTH)).put("first_name", new LimitedOptionalStringValidator(100)).put("last_name", new LimitedOptionalStringValidator(100)).put("full_name", new LimitedOptionalStringValidator(200)).put(PERMISSIONS, new ListValidator()).put(ROLES, new ListValidator(true)).build();
    }

    @Override // org.graylog2.plugin.database.Persisted
    public Map<String, Validator> getEmbeddedValidations(String str) {
        return Collections.emptyMap();
    }

    @Override // org.graylog2.plugin.database.users.User
    public Optional<String> getFirstName() {
        Object obj = this.fields.get("first_name");
        return obj == null ? Optional.empty() : Optional.of(obj.toString());
    }

    @Override // org.graylog2.plugin.database.users.User
    public Optional<String> getLastName() {
        Object obj = this.fields.get("last_name");
        return obj == null ? Optional.empty() : Optional.of(obj.toString());
    }

    @Override // org.graylog2.plugin.database.users.User
    public String getFullName() {
        return Strings.nullToEmpty((String) this.fields.get("full_name"));
    }

    @Override // org.graylog2.plugin.database.users.User
    public void setFirstLastFullNames(String str, String str2) {
        Preconditions.checkArgument(StringUtils.isNotBlank(str), "A firstName value is required.");
        Preconditions.checkArgument(StringUtils.isNotBlank(str2), "A lastName value is required.");
        this.fields.put("first_name", str);
        this.fields.put("last_name", str2);
        this.fields.put("full_name", String.format(Locale.ENGLISH, FULL_NAME_FORMAT, str, str2));
    }

    @Override // org.graylog2.plugin.database.users.User
    @Deprecated
    public void setFullName(String str) {
        this.fields.put("full_name", str);
    }

    @Override // org.graylog2.plugin.database.users.User
    public String getName() {
        return String.valueOf(this.fields.get("username"));
    }

    @Override // org.graylog2.plugin.database.users.User
    public void setName(String str) {
        this.fields.put("username", str);
    }

    @Override // org.graylog2.plugin.database.users.User
    public String getEmail() {
        return Strings.nullToEmpty((String) this.fields.get("email"));
    }

    @Override // org.graylog2.plugin.database.users.User
    public void setEmail(String str) {
        this.fields.put("email", str);
    }

    @Override // org.graylog2.plugin.database.users.User
    public List<String> getPermissions() {
        HashSet hashSet = isServiceAccount() ? new HashSet() : new HashSet(this.permissions.userSelfEditPermissions(getName()));
        List list = (List) this.fields.get(PERMISSIONS);
        if (list != null) {
            hashSet.addAll(list);
        }
        return new ArrayList(hashSet);
    }

    @Override // org.graylog2.plugin.database.users.User
    public Set<Permission> getObjectPermissions() {
        return (Set) getPermissions().stream().map(str -> {
            return str.equals("*") ? new AllPermission() : new CaseSensitiveWildcardPermission(str);
        }).collect(Collectors.toSet());
    }

    @Override // org.graylog2.plugin.database.users.User
    public void setPermissions(List<String> list) {
        ArrayList newArrayList = Lists.newArrayList(list);
        newArrayList.removeAll(this.permissions.userSelfEditPermissions(getName()));
        this.fields.put(PERMISSIONS, newArrayList);
    }

    @Override // org.graylog2.plugin.database.users.User
    public Map<String, Object> getPreferences() {
        Map<String, Object> map = (Map) this.fields.get(PREFERENCES);
        return (map == null || map.isEmpty()) ? DEFAULT_PREFERENCES : map;
    }

    @Override // org.graylog2.plugin.database.users.User
    public void setPreferences(Map<String, Object> map) {
        this.fields.put(PREFERENCES, map);
    }

    @Override // org.graylog2.plugin.database.users.User
    public Startpage getStartpage() {
        if (!this.fields.containsKey(STARTPAGE)) {
            return null;
        }
        Map map = (Map) this.fields.get(STARTPAGE);
        String str = (String) map.get("type");
        String str2 = (String) map.get("id");
        if (str == null || str2 == null) {
            return null;
        }
        return Startpage.create(str, str2);
    }

    @Override // org.graylog2.plugin.database.users.User
    public long getSessionTimeoutMs() {
        Object obj = this.fields.get(SESSION_TIMEOUT);
        return (obj == null || !(obj instanceof Long)) ? DEFAULT_SESSION_TIMEOUT_MS : ((Long) obj).longValue();
    }

    @Override // org.graylog2.plugin.database.users.User
    public void setSessionTimeoutMs(long j) {
        this.fields.put(SESSION_TIMEOUT, Long.valueOf(j));
    }

    @Override // org.graylog2.plugin.database.users.User
    public String getHashedPassword() {
        return MoreObjects.firstNonNull(this.fields.get("password"), HttpConfiguration.PATH_WEB).toString();
    }

    public void setHashedPassword(String str) {
        this.fields.put("password", str);
    }

    @Override // org.graylog2.plugin.database.users.User
    public void setPassword(String str) {
        if (str == null || HttpConfiguration.PATH_WEB.equals(str)) {
            setHashedPassword(HttpConfiguration.PATH_WEB);
        } else {
            setHashedPassword(this.passwordAlgorithmFactory.defaultPasswordAlgorithm().hash(str));
        }
    }

    @Override // org.graylog2.plugin.database.users.User
    public boolean isUserPassword(String str) {
        PasswordAlgorithm forPassword = this.passwordAlgorithmFactory.forPassword(getHashedPassword());
        if (forPassword == null) {
            return false;
        }
        return forPassword.matches(getHashedPassword(), str);
    }

    @Override // org.graylog2.plugin.database.users.User
    public DateTimeZone getTimeZone() {
        Object obj = this.fields.get("timezone");
        if (obj == null) {
            return null;
        }
        try {
            return DateTimeZone.forID(obj.toString());
        } catch (IllegalArgumentException e) {
            LOG.warn("Invalid timezone \"{}\" saved for user \"{}\"", obj, getName());
            return null;
        }
    }

    @Override // org.graylog2.plugin.database.users.User
    public void setTimeZone(String str) {
        DateTimeZone dateTimeZone = null;
        if (str != null) {
            try {
                dateTimeZone = DateTimeZone.forID(str);
            } catch (IllegalArgumentException e) {
                LOG.error("Invalid timezone \"{}\", falling back to UTC.", str);
            }
        }
        setTimeZone(dateTimeZone);
    }

    @Override // org.graylog2.plugin.database.users.User
    public void setTimeZone(DateTimeZone dateTimeZone) {
        this.fields.put("timezone", dateTimeZone == null ? null : dateTimeZone.getID());
    }

    @Override // org.graylog2.plugin.database.users.User
    public boolean isExternalUser() {
        return Boolean.valueOf(String.valueOf(this.fields.get(EXTERNAL_USER))).booleanValue();
    }

    @Override // org.graylog2.plugin.database.users.User
    public void setExternal(boolean z) {
        this.fields.put(EXTERNAL_USER, Boolean.valueOf(z));
    }

    @Override // org.graylog2.plugin.database.users.User
    public boolean isLocalAdmin() {
        return false;
    }

    @Override // org.graylog2.plugin.database.users.User
    @Nonnull
    public Set<String> getRoleIds() {
        return new HashSet(Collections2.transform((List) MoreObjects.firstNonNull((List) this.fields.get(ROLES), Collections.emptyList()), new ObjectIdStringFunction()));
    }

    @Override // org.graylog2.plugin.database.users.User
    public void setRoleIds(Set<String> set) {
        this.fields.put(ROLES, new ArrayList(Collections2.transform(set, new StringObjectIdFunction())));
    }

    @Override // org.graylog2.plugin.database.users.User
    public void setStartpage(String str, String str2) {
        setStartpage((str == null || str2 == null) ? null : Startpage.create(str, str2));
    }

    @Override // org.graylog2.plugin.database.users.User
    public void setStartpage(Startpage startpage) {
        HashMap hashMap = new HashMap();
        if (startpage != null) {
            hashMap.put("type", startpage.type());
            hashMap.put("id", startpage.id());
        }
        this.fields.put(STARTPAGE, hashMap);
    }

    @Override // org.graylog2.plugin.database.users.User
    @Nullable
    public String getAuthServiceId() {
        return (String) this.fields.get(AUTH_SERVICE_ID);
    }

    @Override // org.graylog2.plugin.database.users.User
    @Nullable
    public String getAuthServiceUid() {
        return (String) this.fields.get(AUTH_SERVICE_UID);
    }

    @Override // org.graylog2.plugin.database.users.User
    public void setAuthServiceId(@Nullable String str) {
        this.fields.put(AUTH_SERVICE_ID, str);
    }

    @Override // org.graylog2.plugin.database.users.User
    public void setAuthServiceUid(@Nullable String str) {
        this.fields.put(AUTH_SERVICE_UID, str);
    }

    @Override // org.graylog2.plugin.database.users.User
    public void setAccountStatus(User.AccountStatus accountStatus) {
        this.fields.put(ACCOUNT_STATUS, accountStatus.toString().toLowerCase(Locale.US));
    }

    @Override // org.graylog2.plugin.database.users.User
    public User.AccountStatus getAccountStatus() {
        String str = (String) this.fields.get(ACCOUNT_STATUS);
        return str == null ? User.AccountStatus.ENABLED : User.AccountStatus.valueOf(str.toUpperCase(Locale.US));
    }

    @Override // org.graylog2.plugin.database.users.User
    public boolean isServiceAccount() {
        return Boolean.valueOf(String.valueOf(this.fields.get(SERVICE_ACCOUNT))).booleanValue();
    }

    @Override // org.graylog2.plugin.database.users.User
    public void setServiceAccount(boolean z) {
        this.fields.put(SERVICE_ACCOUNT, Boolean.valueOf(z));
    }
}
