package com.google.gerrit.server.restapi.account;

import com.google.common.flogger.FluentLogger;
import com.google.gerrit.exceptions.EmailException;
import com.google.gerrit.extensions.api.accounts.EmailInput;
import com.google.gerrit.extensions.client.AccountFieldName;
import com.google.gerrit.extensions.client.AuthType;
import com.google.gerrit.extensions.common.EmailInfo;
import com.google.gerrit.extensions.common.Input;
import com.google.gerrit.extensions.restapi.BadRequestException;
import com.google.gerrit.extensions.restapi.IdString;
import com.google.gerrit.extensions.restapi.MethodNotAllowedException;
import com.google.gerrit.extensions.restapi.ResourceConflictException;
import com.google.gerrit.extensions.restapi.Response;
import com.google.gerrit.extensions.restapi.RestApiException;
import com.google.gerrit.extensions.restapi.RestCollectionCreateView;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.account.AccountException;
import com.google.gerrit.server.account.AccountManager;
import com.google.gerrit.server.account.AccountResource;
import com.google.gerrit.server.account.AuthRequest;
import com.google.gerrit.server.account.Realm;
import com.google.gerrit.server.config.AuthConfig;
import com.google.gerrit.server.mail.send.OutgoingEmailValidator;
import com.google.gerrit.server.mail.send.RegisterNewEmailSender;
import com.google.gerrit.server.permissions.GlobalPermission;
import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.permissions.PermissionBackendException;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.Singleton;
import java.io.IOException;
import org.eclipse.jgit.errors.ConfigInvalidException;

@Singleton
/* loaded from: input_file:com/google/gerrit/server/restapi/account/CreateEmail.class */
public class CreateEmail implements RestCollectionCreateView<AccountResource, AccountResource.Email, EmailInput> {
    private static final FluentLogger logger = FluentLogger.forEnclosingClass();
    private final Provider<CurrentUser> self;
    private final Realm realm;
    private final PermissionBackend permissionBackend;
    private final AccountManager accountManager;
    private final RegisterNewEmailSender.Factory registerNewEmailFactory;
    private final PutPreferred putPreferred;
    private final OutgoingEmailValidator validator;
    private final boolean isDevMode;

    @Inject
    CreateEmail(Provider<CurrentUser> provider, Realm realm, PermissionBackend permissionBackend, AuthConfig authConfig, AccountManager accountManager, RegisterNewEmailSender.Factory factory, PutPreferred putPreferred, OutgoingEmailValidator outgoingEmailValidator) {
        this.self = provider;
        this.realm = realm;
        this.permissionBackend = permissionBackend;
        this.accountManager = accountManager;
        this.registerNewEmailFactory = factory;
        this.putPreferred = putPreferred;
        this.validator = outgoingEmailValidator;
        this.isDevMode = authConfig.getAuthType() == AuthType.DEVELOPMENT_BECOME_ANY_ACCOUNT;
    }

    @Override // com.google.gerrit.extensions.restapi.RestCollectionCreateView
    public Response<EmailInfo> apply(AccountResource accountResource, IdString idString, EmailInput emailInput) throws RestApiException, EmailException, MethodNotAllowedException, IOException, ConfigInvalidException, PermissionBackendException {
        if (emailInput == null) {
            emailInput = new EmailInput();
        }
        if (!this.self.get().hasSameAccountId(accountResource.getUser()) || emailInput.noConfirmation) {
            this.permissionBackend.currentUser().check(GlobalPermission.MODIFY_ACCOUNT);
        }
        if (this.realm.allowsEdit(AccountFieldName.REGISTER_NEW_EMAIL)) {
            return Response.created(apply(accountResource.getUser(), idString, emailInput));
        }
        throw new MethodNotAllowedException("realm does not allow adding emails");
    }

    public EmailInfo apply(IdentifiedUser identifiedUser, IdString idString, EmailInput emailInput) throws RestApiException, EmailException, MethodNotAllowedException, IOException, ConfigInvalidException, PermissionBackendException {
        String trim = idString.get().trim();
        if (emailInput == null) {
            emailInput = new EmailInput();
        }
        if (emailInput.email != null && !trim.equals(emailInput.email)) {
            throw new BadRequestException("email address must match URL");
        }
        if (!this.validator.isValid(trim)) {
            throw new BadRequestException("invalid email address");
        }
        EmailInfo emailInfo = new EmailInfo();
        emailInfo.email = trim;
        if (emailInput.noConfirmation || this.isDevMode) {
            if (this.isDevMode) {
                logger.atWarning().log("skipping email validation in developer mode");
            }
            try {
                this.accountManager.link(identifiedUser.getAccountId(), AuthRequest.forEmail(trim));
                if (emailInput.preferred) {
                    this.putPreferred.apply(new AccountResource.Email(identifiedUser, trim), (Input) null);
                    emailInfo.preferred = true;
                }
            } catch (AccountException e) {
                throw new ResourceConflictException(e.getMessage());
            }
        } else {
            try {
                RegisterNewEmailSender create = this.registerNewEmailFactory.create(trim);
                if (!create.isAllowed()) {
                    throw new MethodNotAllowedException("Not allowed to add email address " + trim);
                }
                create.send();
                emailInfo.pendingConfirmation = true;
            } catch (EmailException | RuntimeException e2) {
                logger.atSevere().withCause(e2).log("Cannot send email verification message to %s", trim);
                throw e2;
            }
        }
        return emailInfo;
    }
}
