package org.openrewrite.java.spring.security6;

import java.time.Duration;
import java.util.ArrayList;
import org.openrewrite.ExecutionContext;
import org.openrewrite.Preconditions;
import org.openrewrite.Recipe;
import org.openrewrite.TreeVisitor;
import org.openrewrite.java.MethodMatcher;
import org.openrewrite.java.RemoveMethodInvocationsVisitor;
import org.openrewrite.java.search.UsesMethod;

/* loaded from: input_file:org/openrewrite/java/spring/security6/RemoveOauth2LoginConfig.class */
public class RemoveOauth2LoginConfig extends Recipe {
    private static final MethodMatcher O_AUTH_2_LOGIN_MATCHER = new MethodMatcher("org.springframework.security.config.annotation.web.builders.HttpSecurity oauth2Login()");

    public String getDisplayName() {
        return "Remove unneeded `oauth2Login` config when upgrading to Spring Security 6";
    }

    public String getDescription() {
        return "`oauth2Login()` is a Spring Security feature that allows users to authenticate with an OAuth2 or OpenID Connect 1.0 provider. When a user is authenticated using this feature, they are granted a set of authorities that determines what actions they are allowed to perform within the application.\n\nIn Spring Security 5, the default authority given to a user authenticated with an OAuth2 or OpenID Connect 1.0 provider via `oauth2Login()` is `ROLE_USER`. This means that the user is allowed to access the application's resources as a regular user.\n\nHowever, in Spring Security 6, the default authority given to a user authenticated with an OAuth2 provider is `OAUTH2_USER`, and the default authority given to a user authenticated with an OpenID Connect 1.0 provider is `OIDC_USER`. These authorities are more specific and allow for better customization of the user's permissions within the application.\n\nIf you are upgrading to Spring Security 6 and you have previously configured a `GrantedAuthoritiesMapper` to handle the authorities of users authenticated via `oauth2Login()`, you can remove it completely as the new default authorities should be sufficient.";
    }

    public Duration getEstimatedEffortPerOccurrence() {
        return Duration.ofMinutes(8L);
    }

    public TreeVisitor<?, ExecutionContext> getVisitor() {
        ArrayList arrayList = new ArrayList();
        arrayList.add("org.springframework.security.config.annotation.web.builders.HttpSecurity oauth2Login()");
        arrayList.add("org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer userInfoEndpoint()");
        arrayList.add("org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer$UserInfoEndpointConfig userAuthoritiesMapper(org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper)");
        return Preconditions.check(new UsesMethod(O_AUTH_2_LOGIN_MATCHER), new RemoveMethodInvocationsVisitor(arrayList));
    }
}
