package at.damudo.flowy.admin.features.auth.services;

import at.damudo.flowy.admin.features.auth.models.UserAuthToken;
import at.damudo.flowy.admin.features.auth.requests.LoginRequest;
import at.damudo.flowy.admin.features.global_settings.AdminGlobalSettingManager;
import at.damudo.flowy.admin.features.user.UserAdminRepository;
import at.damudo.flowy.core.entities.UserEntity;
import at.damudo.flowy.core.enums.ActiveStatus;
import at.damudo.flowy.core.exceptions.HttpBadRequestException;
import at.damudo.flowy.core.exceptions.HttpForbiddenException;
import at.damudo.flowy.core.repositories.RoleRepository;
import at.damudo.flowy.core.services.AuthCoreService;
import jakarta.servlet.http.HttpSession;
import java.util.Date;
import lombok.Generated;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

@Service
/* loaded from: input_file:BOOT-INF/classes/at/damudo/flowy/admin/features/auth/services/AuthService.class */
public class AuthService {
    private final PasswordEncoder passwordEncoder;
    private final UserAdminRepository userRepository;
    private final RoleRepository roleRepository;
    private final AuthCoreService authCoreService;
    private final TwoFactorAuthService twoFactorAuthService;
    private final AdminGlobalSettingManager globalSettingManager;

    @Transactional(noRollbackFor = {BadCredentialsException.class, HttpBadRequestException.class})
    public UserAuthToken login(LoginRequest loginRequest) {
        UserEntity orElseThrow = this.userRepository.findWithLockByEmail(loginRequest.getEmail()).orElseThrow(() -> {
            return new BadCredentialsException("Bad credentials");
        });
        if (orElseThrow.getFailedLoginAttempts() >= orElseThrow.getAllowedLoginAttempts()) {
            throw new BadCredentialsException("Maximum authentication attempts exceeded");
        }
        if (!this.passwordEncoder.matches(loginRequest.getPassword(), orElseThrow.getPassword())) {
            increaseFailLoginAttempts(orElseThrow);
            throw new BadCredentialsException("Bad credentials");
        }
        if (ActiveStatus.INACTIVE.equals(orElseThrow.getStatus())) {
            throw new HttpForbiddenException("Account is disabled");
        }
        if (this.globalSettingManager.getValues().getMfa().getStartingDate() != null && !orElseThrow.isTwoFactorAuthEnabled() && this.globalSettingManager.getValues().getMfa().getStartingDate().before(new Date()) && (orElseThrow.getMfaStartingDate() == null || orElseThrow.getMfaStartingDate().before(new Date()))) {
            throw new HttpBadRequestException("The two-factor authentication is not enabled");
        }
        if (orElseThrow.isTwoFactorAuthEnabled() && loginRequest.getOtpCode() == null) {
            return new UserAuthToken(orElseThrow, this.roleRepository.findByUserId(orElseThrow.getId().longValue()), null, orElseThrow.isTwoFactorAuthEnabled());
        }
        if (!orElseThrow.isTwoFactorAuthEnabled() || this.twoFactorAuthService.isEquals(loginRequest.getOtpCode(), orElseThrow.getTwoFactorAuthSecretKey())) {
            resetFailedLoginAttempts(orElseThrow);
            return new UserAuthToken(orElseThrow, this.roleRepository.findByUserId(orElseThrow.getId().longValue()), this.authCoreService.login(orElseThrow.getId().longValue()), orElseThrow.isTwoFactorAuthEnabled());
        }
        increaseFailLoginAttempts(orElseThrow);
        throw new HttpBadRequestException("Bad OTP code");
    }

    public void logout(HttpSession httpSession) {
        this.authCoreService.logout(httpSession.getId());
    }

    private void increaseFailLoginAttempts(UserEntity userEntity) {
        userEntity.setFailedLoginAttempts(userEntity.getFailedLoginAttempts() + 1);
        this.userRepository.save(userEntity);
    }

    private void resetFailedLoginAttempts(UserEntity userEntity) {
        userEntity.setFailedLoginAttempts(0);
        this.userRepository.save(userEntity);
    }

    @Generated
    public AuthService(PasswordEncoder passwordEncoder, UserAdminRepository userAdminRepository, RoleRepository roleRepository, AuthCoreService authCoreService, TwoFactorAuthService twoFactorAuthService, AdminGlobalSettingManager adminGlobalSettingManager) {
        this.passwordEncoder = passwordEncoder;
        this.userRepository = userAdminRepository;
        this.roleRepository = roleRepository;
        this.authCoreService = authCoreService;
        this.twoFactorAuthService = twoFactorAuthService;
        this.globalSettingManager = adminGlobalSettingManager;
    }
}
