package org.molgenis.security.twofactor.service;

import com.google.api.client.util.Lists;
import java.util.ArrayList;
import java.util.List;
import java.util.Objects;
import java.util.stream.Stream;
import org.molgenis.data.DataService;
import org.molgenis.data.populate.IdGenerator;
import org.molgenis.data.security.auth.User;
import org.molgenis.data.security.user.UserService;
import org.molgenis.security.core.runas.RunAsSystemAspect;
import org.molgenis.security.core.utils.SecurityUtils;
import org.molgenis.security.twofactor.model.RecoveryCode;
import org.molgenis.security.twofactor.model.RecoveryCodeFactory;
import org.molgenis.security.twofactor.model.RecoveryCodeMetadata;
import org.molgenis.security.twofactor.model.UserSecret;
import org.molgenis.security.twofactor.model.UserSecretMetaData;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

@Service
/* loaded from: input_file:WEB-INF/lib/molgenis-security-6.1.0.jar:org/molgenis/security/twofactor/service/RecoveryServiceImpl.class */
public class RecoveryServiceImpl implements RecoveryService {
    private static final int RECOVERY_CODE_COUNT = 10;
    private final DataService dataService;
    private final RecoveryCodeFactory recoveryCodeFactory;
    private final IdGenerator idGenerator;
    private final UserService userService;

    public RecoveryServiceImpl(DataService dataService, UserService userService, RecoveryCodeFactory recoveryCodeFactory, IdGenerator idGenerator) {
        this.dataService = (DataService) Objects.requireNonNull(dataService);
        this.userService = (UserService) Objects.requireNonNull(userService);
        this.recoveryCodeFactory = (RecoveryCodeFactory) Objects.requireNonNull(recoveryCodeFactory);
        this.idGenerator = (IdGenerator) Objects.requireNonNull(idGenerator);
    }

    @Override // org.molgenis.security.twofactor.service.RecoveryService
    @Transactional
    public Stream<RecoveryCode> generateRecoveryCodes() {
        String id = getUser().getId();
        deleteOldRecoveryCodes(id);
        List<RecoveryCode> generateRecoveryCodes = generateRecoveryCodes(id);
        RunAsSystemAspect.runAsSystem(() -> {
            this.dataService.add(RecoveryCodeMetadata.RECOVERY_CODE, generateRecoveryCodes.stream());
        });
        return generateRecoveryCodes.stream();
    }

    @Override // org.molgenis.security.twofactor.service.RecoveryService
    @Transactional
    public void useRecoveryCode(String str) {
        String id = getUser().getId();
        RecoveryCode recoveryCode = (RecoveryCode) RunAsSystemAspect.runAsSystem(() -> {
            return (RecoveryCode) this.dataService.query(RecoveryCodeMetadata.RECOVERY_CODE, RecoveryCode.class).eq("userId", id).and().eq("code", str).findOne();
        });
        if (recoveryCode == null) {
            throw new BadCredentialsException("Invalid recovery code or code already used");
        }
        RunAsSystemAspect.runAsSystem(() -> {
            this.dataService.delete(RecoveryCodeMetadata.RECOVERY_CODE, recoveryCode);
        });
        UserSecret userSecret = (UserSecret) RunAsSystemAspect.runAsSystem(() -> {
            return (UserSecret) this.dataService.query(UserSecretMetaData.USER_SECRET, UserSecret.class).eq("userId", id).findOne();
        });
        userSecret.setFailedLoginAttempts(0);
        RunAsSystemAspect.runAsSystem(() -> {
            this.dataService.update(UserSecretMetaData.USER_SECRET, userSecret);
        });
    }

    @Override // org.molgenis.security.twofactor.service.RecoveryService
    public Stream<RecoveryCode> getRecoveryCodes() {
        String id = getUser().getId();
        return (Stream) RunAsSystemAspect.runAsSystem(() -> {
            return this.dataService.query(RecoveryCodeMetadata.RECOVERY_CODE, RecoveryCode.class).eq("userId", id).findAll();
        });
    }

    private void deleteOldRecoveryCodes(String str) {
        RunAsSystemAspect.runAsSystem(() -> {
            this.dataService.delete(RecoveryCodeMetadata.RECOVERY_CODE, this.dataService.query(RecoveryCodeMetadata.RECOVERY_CODE, RecoveryCode.class).eq("userId", str).findAll());
        });
    }

    private List<RecoveryCode> generateRecoveryCodes(String str) {
        ArrayList newArrayList = Lists.newArrayList();
        for (int i = 0; i < 10; i++) {
            RecoveryCode create = this.recoveryCodeFactory.create();
            create.setUserId(str);
            create.setCode(this.idGenerator.generateId(IdGenerator.Strategy.LONG_SECURE_RANDOM));
            newArrayList.add(create);
        }
        return newArrayList;
    }

    private User getUser() {
        User user = this.userService.getUser(SecurityUtils.getCurrentUsername());
        if (user != null) {
            return user;
        }
        throw new UsernameNotFoundException("Can't find user: [" + SecurityUtils.getCurrentUsername() + "]");
    }
}
