package ch.software_atelier.simpleflex.rest.auth.rres;

import ch.software_atelier.simpleflex.rest.DefaultRestResource;
import ch.software_atelier.simpleflex.rest.RestRequest;
import ch.software_atelier.simpleflex.rest.RestResponse;
import ch.software_atelier.simpleflex.rest.auth.ExceptionHandler;
import ch.software_atelier.simpleflex.rest.auth.data.DataHandler;
import ch.software_atelier.simpleflex.rest.auth.data.DataHandlerException;
import ch.software_atelier.simpleflex.rest.auth.token.TokenHandler;
import ch.software_atelier.simpleflex.rest.auth.token.TokenHandlerException;
import ch.software_atelier.simpleflex.rest.auth.token.TokenParser;
import ch.software_atelier.simpleflex.rest.swagger.ArraySchemaBuilder;
import ch.software_atelier.simpleflex.rest.swagger.BodyParameter;
import ch.software_atelier.simpleflex.rest.swagger.HeaderParameter;
import ch.software_atelier.simpleflex.rest.swagger.MethodDocumentation;
import ch.software_atelier.simpleflex.rest.swagger.ObjectSchemaBuilder;
import ch.software_atelier.simpleflex.rest.swagger.PathParameter;
import java.util.HashMap;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: input_file:ch/software_atelier/simpleflex/rest/auth/rres/SpecificUserResource.class */
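/**
 * REST resource for one user account, addressed by the {@code name} path placeholder.
 *
 * <p>Access rules enforced by the handlers in this class:
 * <ul>
 *   <li>GET: the token's user may read their own record; an admin token may read any record.</li>
 *   <li>DELETE: admin token only, and an admin cannot delete their own account.</li>
 *   <li>PUT: the token's user or an admin may change the password (the current password is
 *       always verified); only an admin may change {@code realms} or the {@code admin} flag.</li>
 * </ul>
 *
 * <p>Every authorization failure is answered with 401. The {@code doc*} methods fill in the
 * API documentation for the matching handler.
 */
public class SpecificUserResource extends DefaultRestResource {
    private final DataHandler _dh;
    private final TokenHandler _th;
    private final TokenParser _tp;

    /**
     * @param dataHandler  user store used to read and modify accounts
     * @param tokenHandler token handler; stored but not used by the handlers in this class
     * @param tokenParser  extracts the access token from a request and reads its claims
     */
    public SpecificUserResource(DataHandler dataHandler, TokenHandler tokenHandler, TokenParser tokenParser) {
        this._tp = tokenParser;
        this._dh = dataHandler;
        this._th = tokenHandler;
    }

    /**
     * Returns username, admin flag and realms of the user named in the path.
     *
     * @param restRequest the incoming request; must carry an access token
     * @return 200 with the user data, 401 if the caller is neither that user nor an admin,
     *         otherwise whatever {@link ExceptionHandler#handle} produces for the failure
     */
    public RestResponse onGET(RestRequest restRequest) {
        try {
            String token = this._tp.getToken(restRequest);
            String caller = this._tp.getUsername(token);
            String target = restRequest.getResourcePlaceholder("name");
            // A missing token or username surfaces as a NullPointerException here and is
            // routed to the ExceptionHandler below.
            boolean ownRecord = caller.equals(target);
            if (!ownRecord && !this._tp.isAdmin(token)) {
                return RestResponse.unauthorized_401();
            }
            JSONObject body = new JSONObject();
            body.put("username", target);
            body.put("admin", this._dh.isAdmin(target));
            body.put("realms", SessionResource.realmsToArray(this._dh.getRealms(target)));
            return RestResponse.json_200(body);
        } catch (DataHandlerException | TokenHandlerException | NullPointerException | JSONException e) {
            return ExceptionHandler.handle(e, true);
        }
    }

    /** Fills in the API documentation for {@link #onGET}. */
    public void docGET(MethodDocumentation methodDocumentation) {
        methodDocumentation.setTitle("User Information");
        // NOTE(review): the tag is kept verbatim, including its spelling; other resources
        // may group under the same tag, so confirm before correcting it.
        methodDocumentation.addTag("Authorisazion");
        methodDocumentation.setDescription("Returns the User Information and the realms if the user is an admin of if he retrieves his own information.");
        methodDocumentation.addProduces("application/json");
        methodDocumentation.addParameter(new HeaderParameter("Authorization", "the access token, Baerer"));
        methodDocumentation.addParameter(new PathParameter("name", "the username"));
        methodDocumentation.addResponse("200", "OK",
                ObjectSchemaBuilder.create("The new session data")
                        .addSimpleProperty("username", "string", "the username", true)
                        .addSimpleProperty("admin", "boolean", "wether the user is admin or not", true)
                        .addObjectProperty("realms",
                                ArraySchemaBuilder.create("the realms this user has access to")
                                        .setBasic("string", "a realm")
                                        .toJSON(),
                                true)
                        .toJSON());
    }

    /**
     * Deletes the user named in the path.
     *
     * @param restRequest the incoming request; must carry an admin access token
     * @return 204 on success; 401 if the token is missing, invalid, not an admin token, or
     *         belongs to the account being deleted; otherwise the ExceptionHandler response
     */
    public RestResponse onDELETE(RestRequest restRequest) {
        try {
            String token = this._tp.getToken(restRequest);
            if (token == null || !this._tp.isAdmin(token)) {
                return RestResponse.unauthorized_401();
            }
            String target = restRequest.getResourcePlaceholder("name");
            // Self-deletion is refused, so an admin cannot remove their own account.
            if (this._tp.getUsername(token).equals(target)) {
                return RestResponse.unauthorized_401();
            }
            this._dh.deleteUser(target);
            return RestResponse.noContent_204();
        } catch (NullPointerException | JSONException | DataHandlerException e) {
            return ExceptionHandler.handle(e, false);
        } catch (TokenHandlerException e) {
            // A token that cannot be processed is treated as "not authorized".
            return RestResponse.unauthorized_401();
        }
    }

    /** Fills in the API documentation for {@link #onDELETE}. */
    public void docDELETE(MethodDocumentation methodDocumentation) {
        methodDocumentation.setTitle("Delete User");
        methodDocumentation.addTag("Authorisazion");
        methodDocumentation.setDescription("Deletes a user if the requestiung user is an admin and if he does not try to delete his own account.");
        methodDocumentation.addProduces("application/json");
        methodDocumentation.addParameter(new HeaderParameter("Authorization", "the access token, Baerer"));
        methodDocumentation.addParameter(new PathParameter("name", "the username"));
        methodDocumentation.addResponse("204", "No Content", new JSONObject());
        methodDocumentation.addResponse("401", "Unauthorized", new JSONObject());
    }

    /**
     * Updates the password, realms and/or admin flag of the user named in the path.
     *
     * <p>The JSON body may contain {@code old_pass} + {@code pass} (password change),
     * {@code realms} (object of realm name to description) and {@code admin} (boolean).
     * The updates are applied one after another and are not atomic: a failure in a later
     * step leaves the earlier steps applied.
     *
     * @param restRequest the incoming request; must carry an access token and a JSON body
     * @return 200 with {@code {"msg":"ok"}} on success; 401 if the caller is neither the
     *         target user nor an admin, or is a non-admin trying to set {@code realms} or
     *         {@code admin}; 400 if the current password does not verify; otherwise the
     *         ExceptionHandler response
     */
    public RestResponse onPUT(RestRequest restRequest) {
        try {
            String token = this._tp.getToken(restRequest);
            String caller = this._tp.getUsername(token);
            String target = restRequest.getResourcePlaceholder("name");
            JSONObject json = restRequest.getJSON();
            // NOTE(review): a body with "pass" but no "old_pass" changes nothing and still
            // returns "ok"; consider rejecting it so clients do not assume a change happened.
            boolean changesPassword = json.has("old_pass") && json.has("pass");
            boolean changesRealms = json.has("realms");
            boolean changesAdmin = json.has("admin");

            boolean ownRecord = target.equals(caller);
            boolean callerIsAdmin = this._tp.isAdmin(token);
            if (!ownRecord && !callerIsAdmin) {
                return RestResponse.unauthorized_401();
            }
            // Privilege-bearing fields are admin-only, which keeps users from granting
            // themselves realms or the admin flag.
            if (!callerIsAdmin && (changesRealms || changesAdmin)) {
                return RestResponse.unauthorized_401();
            }

            if (changesPassword) {
                String oldPassword = json.getString("old_pass");
                String newPassword = json.getString("pass");
                // The current admin flag is passed through so a password change keeps it.
                boolean targetIsAdmin = this._dh.isAdmin(target);
                try {
                    this._dh.verifyUser(target, oldPassword);
                } catch (DataHandlerException e) {
                    return RestResponse.badRequest_400("old password is invalid");
                }
                // Kept outside the verification try-block: a failure while storing the new
                // password is not a wrong old password and goes to the ExceptionHandler,
                // like the realm and admin updates below.
                this._dh.putUser(target, newPassword, targetIsAdmin);
            }
            if (changesRealms) {
                JSONObject realmsJson = json.getJSONObject("realms");
                HashMap<String, String> realms = new HashMap<>();
                for (String realm : realmsJson.keySet()) {
                    realms.put(realm, realmsJson.optString(realm, ""));
                }
                this._dh.putRealms(target, realms);
            }
            if (changesAdmin) {
                this._dh.putAdmin(target, json.optBoolean("admin"));
            }
            JSONObject body = new JSONObject();
            body.put("msg", "ok");
            return RestResponse.json_200(body);
        } catch (DataHandlerException | TokenHandlerException | NullPointerException | JSONException e) {
            // NullPointerException is caught as in onGET/onDELETE: a missing token, path
            // placeholder or body must produce a handled response, not an escaping exception.
            return ExceptionHandler.handle(e, true);
        }
    }

    /** Fills in the API documentation for {@link #onPUT}. */
    public void docPUT(MethodDocumentation methodDocumentation) {
        methodDocumentation.setTitle("Change password");
        methodDocumentation.addTag("Authorisazion");
        methodDocumentation.setDescription("Change the users password");
        methodDocumentation.addProduces("application/json");
        methodDocumentation.addParameter(new HeaderParameter("Authorization", "the access token, Baerer"));
        methodDocumentation.addParameter(new PathParameter("name", "the username"));
        // NOTE(review): the documented "user" property is not read by onPUT; the target
        // account comes from the "name" path placeholder.
        methodDocumentation.addParameter(new BodyParameter("body",
                ObjectSchemaBuilder.create("The Change password data")
                        .addSimpleProperty("user", "string", "the username", false)
                        .addSimpleProperty("old_pass", "string", "the previews password", false)
                        .addSimpleProperty("pass", "string", "the new password", false)
                        .addObjectProperty("realms",
                                ObjectSchemaBuilder.create("The realms. key: realmname, value: realmdescription").toJSON(),
                                false)
                        .addSimpleProperty("admin", "boolean", "change this users admin previgiges", false)
                        .toJSON()));
        methodDocumentation.addResponse("200", "OK",
                ObjectSchemaBuilder.create("update a user")
                        .addSimpleProperty("msg", "string", "the password changed message", true)
                        .toJSON());
    }
}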
