package org.molgenis.security.user;

import org.molgenis.auth.MolgenisGroup;
import org.molgenis.auth.MolgenisUser;
import org.molgenis.security.core.utils.SecurityUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

@Service
/* loaded from: input_file:WEB-INF/lib/molgenis-security-1.15.1-SNAPSHOT.jar:org/molgenis/security/user/UserAccountServiceImpl.class */
public class UserAccountServiceImpl implements UserAccountService {

    @Autowired
    private MolgenisUserService userService;

    @Autowired
    private PasswordEncoder passwordEncoder;

    @Override // org.molgenis.security.user.UserAccountService
    @Transactional(readOnly = true)
    @PreAuthorize("hasAnyRole('ROLE_SU', 'ROLE_PLUGIN_READ_USERACCOUNT')")
    public MolgenisUser getCurrentUser() {
        return this.userService.getUser(SecurityUtils.getCurrentUsername());
    }

    @Override // org.molgenis.security.user.UserAccountService
    @Transactional(readOnly = true)
    @PreAuthorize("hasAnyRole('ROLE_SU', 'ROLE_PLUGIN_READ_USERACCOUNT')")
    public Iterable<MolgenisGroup> getCurrentUserGroups() {
        return this.userService.getUserGroups(SecurityUtils.getCurrentUsername());
    }

    @Override // org.molgenis.security.user.UserAccountService
    @Transactional
    @PreAuthorize("hasAnyRole('ROLE_SU', 'ROLE_PLUGIN_WRITE_USERACCOUNT')")
    public void updateCurrentUser(MolgenisUser molgenisUser) {
        String currentUsername = SecurityUtils.getCurrentUsername();
        if (!currentUsername.equals(molgenisUser.getUsername())) {
            throw new RuntimeException("Updated user differs from the current user");
        }
        if (this.userService.getUser(currentUsername) == null) {
            throw new RuntimeException("User does not exist [" + currentUsername + "]");
        }
        this.userService.update(molgenisUser);
    }

    @Override // org.molgenis.security.user.UserAccountService
    @Transactional
    @PreAuthorize("hasAnyRole('ROLE_SU', 'ROLE_PLUGIN_READ_USERACCOUNT')")
    public boolean validateCurrentUserPassword(String str) {
        if (str == null || str.isEmpty()) {
            return false;
        }
        MolgenisUser user = this.userService.getUser(SecurityUtils.getCurrentUsername());
        if (user == null) {
            throw new RuntimeException("User does not exist [" + SecurityUtils.getCurrentUsername() + "]");
        }
        return this.passwordEncoder.matches(str, user.getPassword());
    }
}
