package org.sonatype.security.rest.users;

import javax.enterprise.inject.Typed;
import javax.inject.Named;
import javax.inject.Singleton;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
import org.apache.commons.lang.StringUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;
import org.codehaus.enunciate.contract.jaxrs.ResourceMethodSignature;
import org.restlet.Context;
import org.restlet.data.Request;
import org.restlet.data.Response;
import org.restlet.data.Status;
import org.restlet.resource.ResourceException;
import org.restlet.resource.Variant;
import org.sonatype.configuration.validation.InvalidConfigurationException;
import org.sonatype.plexus.rest.resource.PathProtectionDescriptor;
import org.sonatype.plexus.rest.resource.PlexusResource;
import org.sonatype.plexus.rest.resource.PlexusResourceException;
import org.sonatype.security.rest.model.UserResource;
import org.sonatype.security.rest.model.UserResourceRequest;
import org.sonatype.security.rest.model.UserResourceResponse;
import org.sonatype.security.usermanagement.NoSuchUserManagerException;
import org.sonatype.security.usermanagement.User;
import org.sonatype.security.usermanagement.UserNotFoundException;

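/**
 * REST resource for a single user, mounted at {@value #RESOURCE_URI}.
 *
 * <p>Offers three operations on the user named by the {@code userId} path segment: read it
 * ({@link #get}), update it ({@link #put}, published as {@code POST} by the enunciate metadata below,
 * as in the original mapping) and delete it ({@link #delete}). The password cannot be changed through
 * this URI; an update carrying a non-empty password is rejected with 400.
 *
 * <p>Access control: {@link #getResourceProtection()} declares {@code /users/*} as protected by
 * {@code authcBasic,perms[security:users]}, so every operation here runs behind that filter chain.
 * The update handler additionally refuses a body whose {@code userId} differs from the path segment,
 * so a request can only modify the user it is addressed to. Deletion refuses the anonymous user and
 * the currently authenticated user.
 */
@Path(UserPlexusResource.RESOURCE_URI)
@Consumes({"application/xml", MediaType.APPLICATION_JSON})
@Named("UserPlexusResource")
@Singleton
@Typed({PlexusResource.class})
@Produces({"application/xml", MediaType.APPLICATION_JSON})
/* loaded from: input_file:WEB-INF/plugin-repository/nexus-restlet1x-plugin-2.14.20-02/nexus-restlet1x-plugin-2.14.20-02.jar:org/sonatype/security/rest/users/UserPlexusResource.class */
public class UserPlexusResource extends AbstractUserPlexusResource {
    /** Restlet route of this resource; {@code userId} is bound as a request attribute. */
    public static final String RESOURCE_URI = "/users/{userId}";

    /** Name of the request attribute that holds the {@code userId} path segment. */
    private static final String USER_ID_ATTRIBUTE = "userId";

    /** Message returned when the body's {@code userId} disagrees with the URI's {@code userId}. */
    private static final String USER_ID_MISMATCH_MESSAGE =
            "The user ID in the request body does not match the user ID in the request URI.";

    /** Marks the resource as modifiable so the update and delete handlers are exposed. */
    public UserPlexusResource() {
        setModifiable(true);
    }

    /**
     * Returns the object into which the request body is deserialized.
     *
     * @return a fresh, empty {@link UserResourceRequest}
     */
    @Override
    public Object getPayloadInstance() {
        return new UserResourceRequest();
    }

    /**
     * Returns the route this resource is registered under.
     *
     * @return {@value #RESOURCE_URI}
     */
    @Override
    public String getResourceUri() {
        return RESOURCE_URI;
    }

    /**
     * Declares the Shiro filter chain for every path below {@code /users/}.
     *
     * @return descriptor pairing {@code /users/*} with {@code authcBasic,perms[security:users]}
     */
    @Override
    public PathProtectionDescriptor getResourceProtection() {
        return new PathProtectionDescriptor("/users/*", "authcBasic,perms[security:users]");
    }

    /**
     * Reads the {@code userId} path segment from the request attributes.
     *
     * @param request the current request
     * @return the value bound to the {@code userId} attribute; may be {@code null} if unset
     */
    protected String getUserId(Request request) {
        return getRequestAttribute(request, USER_ID_ATTRIBUTE);
    }

    /**
     * Returns the user named in the path.
     *
     * @return a {@link UserResourceResponse} wrapping the REST view of the user
     * @throws ResourceException with 404 when no such user exists
     */
    @Override
    @GET
    @ResourceMethodSignature(output = UserResourceResponse.class, pathParams = {@PathParam("userId")})
    public Object get(Context context, Request request, Response response, Variant variant) throws ResourceException {
        UserResourceResponse result = new UserResourceResponse();
        try {
            User user = getSecuritySystem().getUser(getUserId(request));
            // Third argument is passed as false exactly as before; its meaning lives in the base class.
            result.setData(securityToRestModel(user, request, false));
            return result;
        } catch (UserNotFoundException e) {
            throw new ResourceException(Status.CLIENT_ERROR_NOT_FOUND, e.getMessage());
        }
    }

    /**
     * Updates the user named in the path with the attributes from the request body.
     *
     * <p>The body must address the same user as the URI: a {@code userId} that differs from the
     * path segment is rejected, so the authorization decision made on the path cannot be redirected
     * to another account by the payload. Passwords are never updated here.
     *
     * @param obj the deserialized {@link UserResourceRequest}; a {@code null} payload yields a
     *            {@code null} response body, as before
     * @return a {@link UserResourceResponse} echoing the submitted data with its resource URI set,
     *         or {@code null} when there was no payload
     * @throws ResourceException 400 for a missing body, a user-ID mismatch, a non-empty password or an
     *         unknown user manager; 404 when the user does not exist
     */
    @Override
    @POST
    @ResourceMethodSignature(output = UserResourceResponse.class, pathParams = {@PathParam("userId")})
    public Object put(Context context, Request request, Response response, Object obj) throws ResourceException {
        UserResourceRequest userResourceRequest = (UserResourceRequest) obj;
        UserResourceResponse userResourceResponse = null;
        if (userResourceRequest != null) {
            UserResource data = userResourceRequest.getData();
            if (data == null) {
                // Previously dereferenced unchecked and surfaced as a server error; it is a client error.
                throw new PlexusResourceException(Status.CLIENT_ERROR_BAD_REQUEST, getErrorResponse("*", "The request body does not contain any user data."));
            }
            String pathUserId = getUserId(request);
            if (pathUserId != null && !StringUtils.equals(pathUserId, data.getUserId())) {
                // The path decides which user this request may touch; the body must agree with it.
                throw new PlexusResourceException(Status.CLIENT_ERROR_BAD_REQUEST, getErrorResponse(USER_ID_ATTRIBUTE, USER_ID_MISMATCH_MESSAGE));
            }
            if (StringUtils.isNotEmpty(data.getPassword())) {
                throw new PlexusResourceException(Status.CLIENT_ERROR_BAD_REQUEST, getErrorResponse("*", "Updating a users password using this URI is not allowed."));
            }
            try {
                User user = restToSecurityModel(getSecuritySystem().getUser(data.getUserId()), data);
                validateUserContainment(user);
                getSecuritySystem().updateUser(user);
                userResourceResponse = new UserResourceResponse();
                userResourceResponse.setData(data);
                data.setResourceURI(createChildReference(request, data.getUserId()).toString());
            } catch (InvalidConfigurationException e) {
                // Delegated to the base class as before; if it does not throw, no body is returned.
                handleInvalidConfigurationException(e);
            } catch (NoSuchUserManagerException e2) {
                // This handler updates an existing user, so the message says so (it used to say "create").
                throw new PlexusResourceException(Status.CLIENT_ERROR_BAD_REQUEST, "Unable to update user.", getErrorResponse("*", e2.getMessage()));
            } catch (UserNotFoundException e3) {
                throw new ResourceException(Status.CLIENT_ERROR_NOT_FOUND, e3.getMessage());
            }
        }
        return userResourceResponse;
    }

    /**
     * Deletes the user named in the path.
     *
     * <p>Refuses (400) to delete the user configured for anonymous access and the user that is
     * currently authenticated; on success the response status is 204.
     *
     * @throws ResourceException 400 for the anonymous or current user; 404 when the user does not exist
     */
    @Override
    @ResourceMethodSignature(pathParams = {@PathParam("userId")})
    @DELETE
    public void delete(Context context, Request request, Response response) throws ResourceException {
        String userId = getUserId(request);
        try {
            if (isAnonymousUser(userId, request)) {
                String message = "The user with user ID [" + userId + "] cannot be deleted, since it is marked user used for Anonymous access in Server Administration. To delete this user, disable anonymous access or, change the anonymous username and password to another valid values!";
                getLogger().info("Anonymous user cannot be deleted! Unset the Allow Anonymous access first in Server Administration!");
                throw new ResourceException(Status.CLIENT_ERROR_BAD_REQUEST, message);
            }
            if (isCurrentUser(request)) {
                String message = "The user with user ID [" + userId + "] cannot be deleted, as that is the user currently logged into the application.";
                getLogger().info(message);
                throw new ResourceException(Status.CLIENT_ERROR_BAD_REQUEST, message);
            }
            getSecuritySystem().deleteUser(userId);
            response.setStatus(Status.SUCCESS_NO_CONTENT);
        } catch (UserNotFoundException e) {
            throw new ResourceException(Status.CLIENT_ERROR_NOT_FOUND, e.getMessage());
        }
    }

    /**
     * Tells whether the {@code userId} in the path is the principal of the current Shiro subject.
     *
     * @param request the current request
     * @return {@code true} only when a subject with a non-null principal exists and that principal
     *         equals the path's {@code userId}
     */
    protected boolean isCurrentUser(Request request) {
        Subject subject = SecurityUtils.getSubject();
        if (subject == null) {
            return false;
        }
        Object principal = subject.getPrincipal();
        return principal != null && principal.equals(getUserId(request));
    }
}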
