package org.graylog2.users;

import com.google.common.base.MoreObjects;
import com.google.common.base.Predicates;
import com.google.common.base.Strings;
import com.google.common.collect.Collections2;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Iterables;
import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
import com.mongodb.BasicDBObject;
import com.mongodb.BasicDBObjectBuilder;
import com.mongodb.DBObject;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.inject.Inject;
import org.bson.types.ObjectId;
import org.graylog2.Configuration;
import org.graylog2.database.MongoConnection;
import org.graylog2.database.NotFoundException;
import org.graylog2.database.PersistedServiceImpl;
import org.graylog2.plugin.database.Persisted;
import org.graylog2.plugin.database.ValidationException;
import org.graylog2.plugin.database.users.User;
import org.graylog2.security.InMemoryRolePermissionResolver;
import org.graylog2.shared.security.RestPermissions;
import org.graylog2.shared.security.ldap.LdapEntry;
import org.graylog2.shared.security.ldap.LdapSettings;
import org.graylog2.shared.users.Role;
import org.graylog2.shared.users.Roles;
import org.graylog2.shared.users.UserService;
import org.graylog2.users.UserImpl;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/graylog2/users/UserServiceImpl.class */
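/**
 * MongoDB-backed {@link UserService}.
 *
 * <p>Besides the users stored in the {@code users} collection, this service knows one account
 * that is never persisted: the built-in administrator, whose name comes from
 * {@link Configuration#getRootUsername()}. {@link #load(String)} answers for that name without
 * touching the database and {@link #save(Persisted)} refuses to write it.
 *
 * <p>The class also owns the LDAP-to-local mapping ({@link #updateFromLdap}), which decides the
 * roles an externally authenticated user ends up with, so changes there are authorization changes.
 */
public class UserServiceImpl extends PersistedServiceImpl implements UserService {
    private static final Logger LOG = LoggerFactory.getLogger(UserServiceImpl.class);
    private final Configuration configuration;
    private final RoleService roleService;
    private final InMemoryRolePermissionResolver inMemoryRolePermissionResolver;

    /**
     * Wires the service and creates an index on the {@code roles} field of the user collection,
     * which is the field {@link #loadAllForRole(Role)} queries.
     */
    @Inject
    public UserServiceImpl(MongoConnection mongoConnection, Configuration configuration, RoleService roleService, InMemoryRolePermissionResolver inMemoryRolePermissionResolver) {
        super(mongoConnection);
        this.configuration = configuration;
        this.roleService = roleService;
        this.inMemoryRolePermissionResolver = inMemoryRolePermissionResolver;
        collection(UserImpl.class).createIndex("roles");
    }

    /**
     * Loads a user by username.
     *
     * <p>The configured root username is checked first and short-circuits the database lookup, so
     * a stored document carrying the same username is never returned by this method.
     *
     * @param str the username to look up
     * @return the built-in admin user, the stored user, or {@code null} when nothing matches
     * @throws RuntimeException if more than one stored user has this username
     */
    @Override
    public User load(String str) {
        LOG.debug("Loading user {}", str);
        if (this.configuration.getRootUsername().equals(str)) {
            LOG.debug("User {} is the built-in admin user", str);
            return new UserImpl.LocalAdminUser(this.configuration, this.roleService.getAdminRoleObjectId());
        }

        final BasicDBObject byUsername = new BasicDBObject();
        byUsername.put("username", str);
        final List<DBObject> matches = query(UserImpl.class, byUsername);
        if (matches == null || matches.isEmpty()) {
            return null;
        }
        // Usernames identify accounts; an ambiguous match must not be resolved by picking one.
        if (matches.size() > 1) {
            final String message = "There was more than one matching user for username " + str + ". This should never happen.";
            LOG.error(message);
            throw new RuntimeException(message);
        }

        final DBObject document = matches.get(0);
        final Object id = document.get("_id");
        LOG.debug("Loaded user {}/{} from MongoDB", str, id);
        return new UserImpl((ObjectId) id, document.toMap());
    }

    /**
     * Deletes every stored user with the given username. The root username gets no special
     * treatment here; the call simply removes whatever documents match.
     *
     * @param str the username to delete
     * @return the number of documents removed
     */
    @Override
    public int delete(String str) {
        LOG.debug("Deleting user(s) with username \"{}\"", str);
        final int removed = destroy(BasicDBObjectBuilder.start("username", str).get(), "users");
        // More than one removal means duplicate accounts existed, which load() treats as an error.
        if (removed > 1) {
            LOG.warn("Removed {} users matching username \"{}\".", removed, str);
        }
        return removed;
    }

    /**
     * Creates a new, empty and not yet persisted user.
     *
     * @return a fresh {@link UserImpl} backed by an empty field map
     */
    @Override
    public User create() {
        return new UserImpl(Maps.newHashMap());
    }

    /**
     * Loads every stored user. The built-in admin user is not part of the result because it is
     * not read from the collection.
     *
     * @return a mutable list of all stored users, empty when there are none
     */
    @Override
    public List<User> loadAll() {
        final List<User> users = Lists.newArrayList();
        final List<DBObject> documents = query(UserImpl.class, new BasicDBObject());
        // load() and loadAllForRole() both tolerate a null query result; do the same here.
        if (documents == null) {
            return users;
        }
        for (DBObject document : documents) {
            users.add(new UserImpl((ObjectId) document.get("_id"), document.toMap()));
        }
        return users;
    }

    /**
     * Creates or updates the local user for an LDAP entry and persists it.
     *
     * <p>NOTE(review): when {@code str} equals the configured root username, {@link #load(String)}
     * hands back the built-in admin object and {@link #save(Persisted)} then throws
     * {@link IllegalStateException} (unless a setter rejects the change earlier). Callers that
     * accept LDAP logins should confirm this is the intended outcome for a directory account
     * that shares the root username.
     *
     * @param ldapEntry    the directory entry of the authenticated user
     * @param ldapSettings the active LDAP configuration
     * @param str          the username to store the user under
     * @return the saved user, or {@code null} if validation failed and nothing was saved
     */
    @Override
    public User syncFromLdapEntry(LdapEntry ldapEntry, LdapSettings ldapSettings, String str) {
        UserImpl synced = (UserImpl) load(str);
        if (synced == null) {
            synced = new UserImpl(Maps.newHashMap());
        }
        updateFromLdap(synced, ldapEntry, ldapSettings, str);
        try {
            save(synced);
            return synced;
        } catch (ValidationException e) {
            LOG.error("Cannot save user.", e);
            return null;
        }
    }

    /**
     * Copies identity data from an LDAP entry onto {@code user} and recomputes its roles.
     * The user is modified in memory only; persisting it is the caller's job.
     *
     * <p>Role outcome, in the order the code decides it:
     * <ul>
     *   <li>The configured default group and additional default groups are always included.</li>
     *   <li>If the entry lists LDAP groups, every group with a mapping that resolves to an
     *       existing role adds that role. Roles the user held before are not carried over.</li>
     *   <li>If the entry lists no groups and the group lookup is not fully configured (mapping,
     *       search base, search pattern or id attribute empty), the user's current roles are
     *       kept in addition to the defaults.</li>
     *   <li>If the entry lists no groups and the lookup is fully configured, only the defaults
     *       remain.</li>
     * </ul>
     * Permissions are only ever extended with the self-edit permissions; nothing is removed.
     *
     * @param user         the user to update
     * @param ldapEntry    the directory entry to read from
     * @param ldapSettings the active LDAP configuration
     * @param str          the username to assign
     */
    @Override
    public void updateFromLdap(User user, LdapEntry ldapEntry, LdapSettings ldapSettings, String str) {
        // Fall back to the username when the directory has no display name.
        final String fullName = (String) MoreObjects.firstNonNull(ldapEntry.get(ldapSettings.getDisplayNameAttribute()), str);
        user.setName(str);
        user.setFullName(fullName);
        user.setExternal(true);
        if (user.getTimeZone() == null) {
            user.setTimeZone(this.configuration.getRootTimeZone());
        }

        final String email = ldapEntry.getEmail();
        if (Strings.isNullOrEmpty(email)) {
            LOG.debug("No email address found for user {} in LDAP. Using {}@localhost", str, str);
            user.setEmail(str + "@localhost");
        } else {
            user.setEmail(email);
        }

        // Fixed marker text so the password field is never blank for a directory-backed account.
        // NOTE(review): presumably this can never equal a real password hash, so local password
        // checks cannot succeed for synced users - confirm against the password verification code.
        if (Strings.isNullOrEmpty(user.getHashedPassword())) {
            ((UserImpl) user).setHashedPassword("User synced from LDAP.");
        }

        if (user.getPermissions() == null) {
            user.setPermissions(Lists.newArrayList(RestPermissions.userSelfEditPermissions(str)));
        } else {
            user.setPermissions(Lists.newArrayList(Sets.union(RestPermissions.userSelfEditPermissions(str), Sets.newHashSet(user.getPermissions()))));
        }

        final Set<String> roleIds = Sets.newHashSet(Sets.union(Sets.newHashSet(ldapSettings.getDefaultGroupId()), ldapSettings.getAdditionalDefaultGroupIds()));
        if (!ldapEntry.getGroups().isEmpty()) {
            try {
                final Map<String, Role> rolesByLowercaseName = this.roleService.loadAllLowercaseNameMap();
                for (String ldapGroup : ldapEntry.getGroups()) {
                    final String mappedRoleName = ldapSettings.getGroupMapping().get(ldapGroup);
                    if (mappedRoleName == null) {
                        LOG.debug("User {}: No group mapping for ldap group <{}>", str, ldapGroup);
                        continue;
                    }
                    // NOTE(review): toLowerCase() uses the JVM default locale. Confirm it matches
                    // how loadAllLowercaseNameMap() builds its keys; a mismatch (for example under
                    // a Turkish default locale) would make a configured mapping silently miss.
                    final Role role = rolesByLowercaseName.get(mappedRoleName.toLowerCase());
                    if (role != null) {
                        LOG.debug("User {}: Mapping ldap group <{}> to role <{}>", str, ldapGroup, role.getName());
                        roleIds.add(role.getId());
                    } else {
                        LOG.warn("User {}: No role found for ldap group <{}>", str, ldapGroup);
                    }
                }
            } catch (NotFoundException e) {
                // Roles could not be read: the user keeps only the default roles collected above.
                LOG.error("Unable to load user roles", e);
            }
        } else if (ldapSettings.getGroupMapping().isEmpty() || ldapSettings.getGroupSearchBase().isEmpty() || ldapSettings.getGroupSearchPattern().isEmpty() || ldapSettings.getGroupIdAttribute().isEmpty()) {
            // Group lookup is not (fully) configured, so the directory says nothing about roles;
            // keep what was assigned locally.
            roleIds.addAll(user.getRoleIds());
        }
        user.setRoleIds(roleIds);
    }

    /**
     * Persists an object, refusing the built-in admin user.
     *
     * @param t the object to save
     * @return whatever the superclass {@code save} returns for the stored object
     * @throws ValidationException   if the superclass rejects the object
     * @throws IllegalStateException if {@code t} is the built-in admin user, which lives in
     *                               configuration and must never be written to the database
     */
    @Override
    public <T extends Persisted> String save(T t) throws ValidationException {
        if (t instanceof UserImpl.LocalAdminUser) {
            throw new IllegalStateException("Cannot modify local root user, this is a bug.");
        }
        return super.save(t);
    }

    /**
     * Builds the built-in admin user from configuration and the admin role id.
     *
     * @return a new {@code LocalAdminUser} instance
     */
    @Override
    public User getAdminUser() {
        return new UserImpl.LocalAdminUser(this.configuration, this.roleService.getAdminRoleObjectId());
    }

    /**
     * Counts the stored users.
     *
     * @return the total number of documents in the user collection
     */
    @Override
    public long count() {
        return totalCount(UserImpl.class);
    }

    /**
     * Loads all stored users whose {@code roles} field contains the given role.
     *
     * @param role the role to search for
     * @return the matching users, or an empty immutable set when none match
     */
    @Override
    public Collection<User> loadAllForRole(Role role) {
        final DBObject byRole = BasicDBObjectBuilder.start("roles", new ObjectId(role.getId())).get();
        final List<DBObject> documents = query(UserImpl.class, byRole);
        if (documents == null || documents.isEmpty()) {
            return Collections.emptySet();
        }
        final Set<User> members = Sets.newHashSetWithExpectedSize(documents.size());
        for (DBObject document : documents) {
            members.add(new UserImpl((ObjectId) document.get("_id"), document.toMap()));
        }
        return members;
    }

    /**
     * Resolves the names of the roles assigned to a user.
     *
     * <p>Role ids without a name in the id map are dropped from the result. If the role map
     * cannot be loaded, the error is logged and an empty map is used instead.
     *
     * @param user the user whose role ids are resolved
     * @return an immutable set of role names, empty when the user has no roles
     */
    @Override
    public Set<String> getRoleNames(User user) {
        final Set<String> roleIds = user.getRoleIds();
        if (roleIds.isEmpty()) {
            return Collections.emptySet();
        }

        Map<String, Role> rolesById;
        try {
            rolesById = this.roleService.loadAllIdMap();
        } catch (NotFoundException e) {
            LOG.error("Unable to load role ID map. Using empty map.", e);
            rolesById = Collections.emptyMap();
        }
        return ImmutableSet.copyOf(Iterables.filter(Collections2.transform(roleIds, Roles.roleIdToNameFunction(rolesById)), Predicates.notNull()));
    }

    /**
     * Computes a user's effective permissions: the permissions stored on the user plus those
     * resolved for each of the user's roles, with duplicates removed.
     *
     * @param user the user to evaluate
     * @return an immutable list of distinct permission strings
     */
    @Override
    public List<String> getPermissionsForUser(User user) {
        final ImmutableSet.Builder<String> effective = ImmutableSet.<String>builder().addAll(user.getPermissions());
        for (String roleId : user.getRoleIds()) {
            effective.addAll(this.inMemoryRolePermissionResolver.resolveStringPermission(roleId));
        }
        return effective.build().asList();
    }

    /**
     * Removes a role from every stored user that holds it and saves each user.
     *
     * <p>Users reporting {@code isLocalAdmin()} are skipped. A user that fails validation is
     * logged and skipped as well, which means that user still holds the role in the database
     * afterwards; the exception is logged so the reason can be followed up.
     *
     * @param role the role to remove
     */
    @Override
    public void dissociateAllUsersFromRole(Role role) {
        for (User user : loadAllForRole(role)) {
            if (user.isLocalAdmin()) {
                continue;
            }
            final Set<String> remainingRoleIds = Sets.newHashSet(user.getRoleIds());
            remainingRoleIds.remove(role.getId());
            user.setRoleIds(remainingRoleIds);
            try {
                save(user);
            } catch (ValidationException e) {
                // Pass the exception as the trailing argument so SLF4J records the cause.
                LOG.error("Unable to remove role {} from user {}", role.getName(), user, e);
            }
        }
    }
}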
