package org.graylog.security.authservice.rest;

import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Maps;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import javax.inject.Inject;
import javax.ws.rs.BadRequestException;
import javax.ws.rs.Consumes;
import javax.ws.rs.DefaultValue;
import javax.ws.rs.GET;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Response;
import org.apache.shiro.authz.annotation.RequiresAuthentication;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.graylog.security.authservice.AuthServiceBackendDTO;
import org.graylog.security.authservice.DBAuthServiceBackendService;
import org.graylog.security.authservice.GlobalAuthServiceConfig;
import org.graylog2.database.PaginatedList;
import org.graylog2.rest.models.PaginatedResponse;
import org.graylog2.search.SearchQuery;
import org.graylog2.search.SearchQueryField;
import org.graylog2.search.SearchQueryParser;
import org.graylog2.shared.rest.resources.RestResource;
import org.graylog2.shared.security.RestPermissions;
import org.graylog2.users.PaginatedUserService;
import org.graylog2.users.RoleService;
import org.graylog2.users.UserImpl;
import org.graylog2.users.UserOverviewDTO;

@Api(value = "System/Authentication/Services", description = "Manage authentication services")
@RequiresAuthentication
@Path("/system/authentication/services")
@Consumes({"application/json"})
@Produces({"application/json"})
/* loaded from: input_file:org/graylog/security/authservice/rest/AuthServicesResource.class */
public class AuthServicesResource extends RestResource {
    private static final ImmutableMap<String, SearchQueryField> SEARCH_FIELD_MAPPING = ImmutableMap.builder().put("username", SearchQueryField.create("username")).put("full_name", SearchQueryField.create("full_name")).put("email", SearchQueryField.create("email")).build();
    private final GlobalAuthServiceConfig authServiceConfig;
    private final PaginatedUserService userService;
    private final DBAuthServiceBackendService backendService;
    private final RoleService roleService;
    private final SearchQueryParser userSearchQueryParser = new SearchQueryParser("full_name", (Map<String, SearchQueryField>) SEARCH_FIELD_MAPPING);

    @Inject
    public AuthServicesResource(GlobalAuthServiceConfig globalAuthServiceConfig, PaginatedUserService paginatedUserService, DBAuthServiceBackendService dBAuthServiceBackendService, RoleService roleService) {
        this.authServiceConfig = globalAuthServiceConfig;
        this.userService = paginatedUserService;
        this.backendService = dBAuthServiceBackendService;
        this.roleService = roleService;
    }

    @GET
    @Path("active-backend")
    @RequiresPermissions({RestPermissions.AUTH_SERVICE_GLOBAL_CONFIG_READ})
    @ApiOperation("Get active authentication service backend")
    public Response get() {
        Optional<AuthServiceBackendDTO> activeBackendConfig = getActiveBackendConfig();
        HashMap hashMap = new HashMap();
        hashMap.put("backend", activeBackendConfig.orElse(null));
        hashMap.put("context", Collections.singletonMap("backends_total", Long.valueOf(this.backendService.countBackends())));
        return Response.ok(hashMap).build();
    }

    @GET
    @Path("active-backend/users")
    @RequiresPermissions({RestPermissions.AUTH_SERVICE_GLOBAL_CONFIG_READ, RestPermissions.USERS_LIST})
    @ApiOperation("Get paginated users for active authentication service backend")
    public PaginatedResponse<UserOverviewDTO> getUsers(@QueryParam("page") @ApiParam(name = "page") @DefaultValue("1") int i, @QueryParam("per_page") @ApiParam(name = "per_page") @DefaultValue("50") int i2, @QueryParam("query") @ApiParam(name = "query") @DefaultValue("") String str, @QueryParam("sort") @ApiParam(name = "sort", value = "The field to sort the result on", required = true, allowableValues = "username,full_name,email") @DefaultValue("full_name") String str2, @QueryParam("order") @ApiParam(name = "order", value = "The sort direction", allowableValues = "asc, desc") @DefaultValue("asc") String str3) {
        PaginatedList<UserOverviewDTO> findPaginatedByAuthServiceBackend = this.userService.findPaginatedByAuthServiceBackend(parseSearchQuery(str), i, i2, str2, str3, getActiveBackendConfig().orElseThrow(() -> {
            return new NotFoundException("No active authentication service backend found");
        }).id());
        return PaginatedResponse.create(UserImpl.COLLECTION_NAME, findPaginatedByAuthServiceBackend, str, Collections.singletonMap(UserImpl.ROLES, createRoleContext(findPaginatedByAuthServiceBackend.m357delegate())));
    }

    private Map<String, Object> createRoleContext(List<UserOverviewDTO> list) {
        Set<String> set = (Set) list.stream().flatMap(userOverviewDTO -> {
            return userOverviewDTO.roles().stream();
        }).collect(Collectors.toSet());
        try {
            return (Map) this.roleService.findIdMap(set).values().stream().map(role -> {
                return Maps.immutableEntry(role.getId(), Collections.singletonMap("title", role.getName()));
            }).collect(Collectors.toMap((v0) -> {
                return v0.getKey();
            }, (v0) -> {
                return v0.getValue();
            }));
        } catch (org.graylog2.database.NotFoundException e) {
            throw new NotFoundException("Couldn't find roles: " + set);
        }
    }

    private SearchQuery parseSearchQuery(String str) {
        try {
            return this.userSearchQueryParser.parse(str);
        } catch (IllegalArgumentException e) {
            throw new BadRequestException("Invalid argument in search query: " + e.getMessage());
        }
    }

    private Optional<AuthServiceBackendDTO> getActiveBackendConfig() {
        Optional<AuthServiceBackendDTO> activeBackendConfig = this.authServiceConfig.getActiveBackendConfig();
        activeBackendConfig.ifPresent(authServiceBackendDTO -> {
            checkPermission(RestPermissions.AUTH_SERVICE_BACKEND_READ, authServiceBackendDTO.id());
        });
        return activeBackendConfig;
    }
}
