package org.craftercms.profile.services.impl;

import java.io.ByteArrayInputStream;
import java.io.FileNotFoundException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;
import javax.activation.MimetypesFileTypeMap;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.collections4.MapUtils;
import org.apache.commons.collections4.Predicate;
import org.apache.commons.io.FileExistsException;
import org.apache.commons.io.FilenameUtils;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.bson.types.ObjectId;
import org.craftercms.commons.collections.IterableUtils;
import org.craftercms.commons.crypto.CipherUtils;
import org.craftercms.commons.i10n.I10nLogger;
import org.craftercms.commons.logging.Logged;
import org.craftercms.commons.mail.EmailUtils;
import org.craftercms.commons.mongo.DuplicateKeyException;
import org.craftercms.commons.mongo.FileInfo;
import org.craftercms.commons.mongo.MongoDataException;
import org.craftercms.commons.mongo.UpdateHelper;
import org.craftercms.commons.security.exception.ActionDeniedException;
import org.craftercms.commons.security.exception.PermissionException;
import org.craftercms.commons.security.permissions.PermissionEvaluator;
import org.craftercms.profile.api.AccessToken;
import org.craftercms.profile.api.AttributeAction;
import org.craftercms.profile.api.AttributeDefinition;
import org.craftercms.profile.api.Profile;
import org.craftercms.profile.api.SortOrder;
import org.craftercms.profile.api.Tenant;
import org.craftercms.profile.api.TenantAction;
import org.craftercms.profile.api.Ticket;
import org.craftercms.profile.api.VerificationToken;
import org.craftercms.profile.api.exceptions.I10nProfileException;
import org.craftercms.profile.api.exceptions.ProfileException;
import org.craftercms.profile.api.services.AuthenticationService;
import org.craftercms.profile.api.services.ProfileAttachment;
import org.craftercms.profile.api.services.ProfileService;
import org.craftercms.profile.api.services.TenantService;
import org.craftercms.profile.exceptions.AttributeNotDefinedException;
import org.craftercms.profile.exceptions.InvalidEmailAddressException;
import org.craftercms.profile.exceptions.InvalidQueryException;
import org.craftercms.profile.exceptions.NoSuchProfileException;
import org.craftercms.profile.exceptions.NoSuchTenantException;
import org.craftercms.profile.exceptions.NoSuchTicketException;
import org.craftercms.profile.exceptions.NoSuchVerificationTokenException;
import org.craftercms.profile.exceptions.ProfileExistsException;
import org.craftercms.profile.repositories.ProfileRepository;
import org.craftercms.profile.services.VerificationService;
import org.craftercms.profile.utils.db.ProfileUpdater;
import org.springframework.beans.factory.annotation.Required;

@Logged
/* loaded from: input_file:WEB-INF/classes/org/craftercms/profile/services/impl/ProfileServiceImpl.class */
public class ProfileServiceImpl implements ProfileService {
    public static final String LOG_KEY_PROFILE_CREATED = "profile.profile.profileCreated";
    public static final String LOG_KEY_PROFILE_UPDATED = "profile.profile.profileUpdated";
    public static final String LOG_KEY_PROFILE_VERIFIED = "profile.profile.profileVerified";
    public static final String LOG_KEY_PROFILE_ENABLED = "profile.profile.profileEnabled";
    public static final String LOG_KEY_PROFILE_DISABLED = "profile.profile.profileDisabled";
    public static final String LOG_KEY_PROFILE_ROLES_ADDED = "profile.profile.rolesAdded";
    public static final String LOG_KEY_PROFILE_ROLES_REMOVED = "profile.profile.rolesRemoved";
    public static final String LOG_KEY_PROFILE_ATTRIBS_UPDATED = "profile.profile.attributesUpdated";
    public static final String LOG_KEY_PROFILE_ATTRIBS_REMOVED = "profile.profile.attributesRemoved";
    public static final String LOG_KEY_PROFILE_DELETED = "profile.profile.profileDeleted";
    public static final String LOG_KEY_PASSWORD_CHANGED = "profile.profile.passwordChanged";
    public static final String ERROR_KEY_CREATE_PROFILE_ERROR = "profile.profile.createProfileError";
    public static final String ERROR_KEY_GET_PROFILE_BY_QUERY_ERROR = "profile.profile.getProfileByQueryError";
    public static final String ERROR_KEY_GET_PROFILE_ERROR = "profile.profile.getProfileError";
    public static final String ERROR_KEY_UPDATE_PROFILE_ERROR = "profile.profile.updateProfileError";
    public static final String ERROR_KEY_DELETE_PROFILE_ERROR = "profile.profile.deleteProfileError";
    public static final String ERROR_KEY_GET_PROFILE_COUNT_BY_QUERY_ERROR = "profile.profile.getProfileCountByQueryError";
    public static final String ERROR_KEY_GET_PROFILES_BY_QUERY_ERROR = "profile.profile.getProfilesByQueryError";
    public static final String ERROR_KEY_GET_PROFILE_BY_USERNAME_ERROR = "profile.profile.getProfileByUsernameError";
    public static final String ERROR_KEY_GET_PROFILE_COUNT_ERROR = "profile.profile.getProfileCountError";
    public static final String ERROR_KEY_GET_PROFILES_ERROR = "profile.profile.getProfilesError";
    public static final String ERROR_KEY_GET_PROFILE_RANGE_ERROR = "profile.profile.getProfileRangeError";
    public static final String ERROR_KEY_GET_PROFILES_BY_ROLE_ERROR = "profile.profile.getProfilesByRoleError";
    public static final String ERROR_KEY_GET_PROFILES_BY_EXISTING_ATTRIB_ERROR = "profile.profile.getProfilesByExistingAttributeError";
    public static final String ERROR_KEY_GET_PROFILES_BY_ATTRIB_VALUE_ERROR = "profile.profile.getProfilesByAttributeValueError";
    public static final String ERROR_KEY_TENANT_NOT_ALLOWED = "profile.profile.query.tenantNotAllowed";
    public static final String ERROR_KEY_WHERE_NOT_ALLOWED = "profile.profile.query.whereNotAllowed";
    public static final String ERROR_KEY_ATTRIBUTE_NOT_ALLOWED = "profile.profile.query.attributeNotAllowed";
    public static final String QUERY_ATTRIBUTE_PATTERN_FORMAT = "['\"]?attributes\\.%s(\\.[^'\":]+)?['\"]?\\s*:";
    public static final String QUERY_FINAL_FORMAT = "{$and: [{tenant: '%s'}, %s]}";
    protected PermissionEvaluator<AccessToken, String> tenantPermissionEvaluator;
    protected PermissionEvaluator<AccessToken, AttributeDefinition> attributePermissionEvaluator;
    protected ProfileRepository profileRepository;
    protected TenantService tenantService;
    protected AuthenticationService authenticationService;
    protected VerificationService verificationService;
    protected List<String> validAttachmentMimeTypes;
    protected String newProfileEmailFromAddress;
    protected String newProfileEmailSubject;
    protected String newProfileEmailTemplateName;
    protected String resetPwdEmailFromAddress;
    protected String resetPwdEmailSubject;
    protected String resetPwdEmailTemplateName;
    private static final I10nLogger logger = new I10nLogger((Class<?>) ProfileServiceImpl.class, "crafter.profile.messages.logging");
    public static final Pattern QUERY_TENANT_PATTERN = Pattern.compile("['\"]?tenant['\"]?\\s*:");
    public static final Pattern QUERY_WHERE_PATTERN = Pattern.compile("['\"]?\\$where['\"]?\\s*:");

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:WEB-INF/classes/org/craftercms/profile/services/impl/ProfileServiceImpl$UpdateCallback.class */
    public interface UpdateCallback {
        void doWithProfile(ProfileUpdater profileUpdater) throws ProfileException;
    }

    @Required
    public void setTenantPermissionEvaluator(PermissionEvaluator<AccessToken, String> permissionEvaluator) {
        this.tenantPermissionEvaluator = permissionEvaluator;
    }

    @Required
    public void setAttributePermissionEvaluator(PermissionEvaluator<AccessToken, AttributeDefinition> permissionEvaluator) {
        this.attributePermissionEvaluator = permissionEvaluator;
    }

    @Required
    public void setProfileRepository(ProfileRepository profileRepository) {
        this.profileRepository = profileRepository;
    }

    @Required
    public void setTenantService(TenantService tenantService) {
        this.tenantService = tenantService;
    }

    @Required
    public void setAuthenticationService(AuthenticationService authenticationService) {
        this.authenticationService = authenticationService;
    }

    @Required
    public void setVerificationService(VerificationService verificationService) {
        this.verificationService = verificationService;
    }

    @Required
    public void setNewProfileEmailFromAddress(String str) {
        this.newProfileEmailFromAddress = str;
    }

    @Required
    public void setNewProfileEmailSubject(String str) {
        this.newProfileEmailSubject = str;
    }

    @Required
    public void setNewProfileEmailTemplateName(String str) {
        this.newProfileEmailTemplateName = str;
    }

    @Required
    public void setResetPwdEmailFromAddress(String str) {
        this.resetPwdEmailFromAddress = str;
    }

    @Required
    public void setResetPwdEmailSubject(String str) {
        this.resetPwdEmailSubject = str;
    }

    @Required
    public void setResetPwdEmailTemplateName(String str) {
        this.resetPwdEmailTemplateName = str;
    }

    @Override // org.craftercms.profile.api.services.ProfileService
    public Profile createProfile(String str, String str2, String str3, String str4, boolean z, Set<String> set, Map<String, Object> map, String str5) throws ProfileException {
        checkIfManageProfilesIsAllowed(str);
        if (!EmailUtils.validateEmail(str4)) {
            throw new InvalidEmailAddressException(str4);
        }
        try {
            Tenant tenant = getTenant(str);
            Date date = new Date();
            Profile profile = new Profile();
            profile.setTenant(str);
            profile.setUsername(str2);
            profile.setPassword(CipherUtils.hashPassword(str3));
            profile.setEmail(str4);
            profile.setCreatedOn(date);
            profile.setLastModified(date);
            profile.setVerified(false);
            boolean isVerifyNewProfiles = tenant.isVerifyNewProfiles();
            if (!isVerifyNewProfiles || StringUtils.isEmpty(str5)) {
                profile.setEnabled(z);
            }
            if (CollectionUtils.isNotEmpty(set)) {
                profile.setRoles(set);
            }
            for (AttributeDefinition attributeDefinition : tenant.getAttributeDefinitions()) {
                if (attributeDefinition.getDefaultValue() != null) {
                    profile.setAttribute(attributeDefinition.getName(), attributeDefinition.getDefaultValue());
                }
            }
            if (MapUtils.isNotEmpty(map)) {
                rejectAttributesIfActionNotAllowed(tenant, map.keySet(), AttributeAction.WRITE_ATTRIBUTE);
                profile.getAttributes().putAll(map);
            }
            this.profileRepository.insert((ProfileRepository) profile);
            logger.debug(LOG_KEY_PROFILE_CREATED, profile);
            if (isVerifyNewProfiles && StringUtils.isNotEmpty(str5)) {
                this.verificationService.sendEmail(this.verificationService.createToken(profile), profile, str5, this.newProfileEmailFromAddress, this.newProfileEmailSubject, this.newProfileEmailTemplateName);
            }
            return profile;
        } catch (DuplicateKeyException e) {
            throw new ProfileExistsException(str, str2);
        } catch (MongoDataException e2) {
            throw new I10nProfileException(ERROR_KEY_CREATE_PROFILE_ERROR, e2, str2, str);
        }
    }

    @Override // org.craftercms.profile.api.services.ProfileService
    public Profile updateProfile(String str, final String str2, final String str3, final String str4, final Boolean bool, final Set<String> set, final Map<String, Object> map, String... strArr) throws ProfileException {
        if (StringUtils.isNotEmpty(str4) && !EmailUtils.validateEmail(str4)) {
            throw new InvalidEmailAddressException(str4);
        }
        Profile updateProfile = updateProfile(str, new UpdateCallback() { // from class: org.craftercms.profile.services.impl.ProfileServiceImpl.1
            @Override // org.craftercms.profile.services.impl.ProfileServiceImpl.UpdateCallback
            public void doWithProfile(ProfileUpdater profileUpdater) throws ProfileException {
                if (StringUtils.isNotEmpty(str2)) {
                    profileUpdater.setUsername(str2);
                }
                if (StringUtils.isNotEmpty(str3)) {
                    profileUpdater.setPassword(CipherUtils.hashPassword(str3));
                }
                if (StringUtils.isNotEmpty(str4)) {
                    profileUpdater.setEmail(str4);
                }
                if (bool != null) {
                    profileUpdater.setEnabled(bool.booleanValue());
                }
                if (set != null) {
                    profileUpdater.setRoles(set);
                }
                if (MapUtils.isNotEmpty(map)) {
                    ProfileServiceImpl.this.rejectAttributesIfActionNotAllowed(profileUpdater.getProfile().getTenant(), map.keySet(), AttributeAction.WRITE_ATTRIBUTE);
                    profileUpdater.addAttributes(map);
                }
            }
        }, strArr);
        logger.debug(LOG_KEY_PROFILE_UPDATED, updateProfile);
        return updateProfile;
    }

    @Override // org.craftercms.profile.api.services.ProfileService
    public Profile verifyProfile(String str, String... strArr) throws ProfileException {
        VerificationToken token = this.verificationService.getToken(str);
        if (token == null) {
            throw new NoSuchVerificationTokenException(str);
        }
        Profile updateProfile = updateProfile(token.getProfileId(), new UpdateCallback() { // from class: org.craftercms.profile.services.impl.ProfileServiceImpl.2
            @Override // org.craftercms.profile.services.impl.ProfileServiceImpl.UpdateCallback
            public void doWithProfile(ProfileUpdater profileUpdater) throws ProfileException {
                profileUpdater.setEnabled(true);
                profileUpdater.setVerified(true);
            }
        }, strArr);
        this.verificationService.deleteToken(str);
        logger.debug(LOG_KEY_PROFILE_VERIFIED, updateProfile.getId());
        return updateProfile;
    }

    @Override // org.craftercms.profile.api.services.ProfileService
    public Profile enableProfile(String str, String... strArr) throws ProfileException {
        Profile updateProfile = updateProfile(str, new UpdateCallback() { // from class: org.craftercms.profile.services.impl.ProfileServiceImpl.3
            @Override // org.craftercms.profile.services.impl.ProfileServiceImpl.UpdateCallback
            public void doWithProfile(ProfileUpdater profileUpdater) throws ProfileException {
                profileUpdater.setEnabled(true);
            }
        }, strArr);
        logger.debug(LOG_KEY_PROFILE_ENABLED, str);
        return updateProfile;
    }

    @Override // org.craftercms.profile.api.services.ProfileService
    public Profile setLastFailedLogin(String str, final Date date, String... strArr) throws ProfileException {
        Profile updateProfile = updateProfile(str, new UpdateCallback() { // from class: org.craftercms.profile.services.impl.ProfileServiceImpl.4
            @Override // org.craftercms.profile.services.impl.ProfileServiceImpl.UpdateCallback
            public void doWithProfile(ProfileUpdater profileUpdater) throws ProfileException {
                profileUpdater.setLastFailedLogin(date);
            }
        }, strArr);
        logger.debug(LOG_KEY_PROFILE_ENABLED, str);
        return updateProfile;
    }

    @Override // org.craftercms.profile.api.services.ProfileService
    public Profile setFailedLoginAttempts(String str, final int i, String... strArr) throws ProfileException {
        Profile updateProfile = updateProfile(str, new UpdateCallback() { // from class: org.craftercms.profile.services.impl.ProfileServiceImpl.5
            @Override // org.craftercms.profile.services.impl.ProfileServiceImpl.UpdateCallback
            public void doWithProfile(ProfileUpdater profileUpdater) throws ProfileException {
                profileUpdater.setFailedLoginAttempts(i);
            }
        }, strArr);
        logger.debug(LOG_KEY_PROFILE_ENABLED, str);
        return updateProfile;
    }

    @Override // org.craftercms.profile.api.services.ProfileService
    public Profile disableProfile(String str, String... strArr) throws ProfileException {
        Profile updateProfile = updateProfile(str, new UpdateCallback() { // from class: org.craftercms.profile.services.impl.ProfileServiceImpl.6
            @Override // org.craftercms.profile.services.impl.ProfileServiceImpl.UpdateCallback
            public void doWithProfile(ProfileUpdater profileUpdater) throws ProfileException {
                profileUpdater.setEnabled(false);
            }
        }, strArr);
        logger.debug(LOG_KEY_PROFILE_DISABLED, str);
        return updateProfile;
    }

    @Override // org.craftercms.profile.api.services.ProfileService
    public Profile addRoles(String str, final Collection<String> collection, String... strArr) throws ProfileException {
        Profile updateProfile = updateProfile(str, new UpdateCallback() { // from class: org.craftercms.profile.services.impl.ProfileServiceImpl.7
            @Override // org.craftercms.profile.services.impl.ProfileServiceImpl.UpdateCallback
            public void doWithProfile(ProfileUpdater profileUpdater) throws ProfileException {
                profileUpdater.addRoles(collection);
            }
        }, strArr);
        logger.debug(LOG_KEY_PROFILE_ROLES_ADDED, collection, str);
        return updateProfile;
    }

    @Override // org.craftercms.profile.api.services.ProfileService
    public Profile removeRoles(String str, final Collection<String> collection, String... strArr) throws ProfileException {
        Profile updateProfile = updateProfile(str, new UpdateCallback() { // from class: org.craftercms.profile.services.impl.ProfileServiceImpl.8
            @Override // org.craftercms.profile.services.impl.ProfileServiceImpl.UpdateCallback
            public void doWithProfile(ProfileUpdater profileUpdater) throws ProfileException {
                profileUpdater.removeRoles(collection);
            }
        }, strArr);
        logger.debug(LOG_KEY_PROFILE_ROLES_REMOVED, collection, str);
        return updateProfile;
    }

    @Override // org.craftercms.profile.api.services.ProfileService
    public Map<String, Object> getAttributes(String str, String... strArr) throws ProfileException {
        return getNonNullProfile(str, strArr).getAttributes();
    }

    @Override // org.craftercms.profile.api.services.ProfileService
    public Profile updateAttributes(String str, final Map<String, Object> map, String... strArr) throws ProfileException {
        Profile updateProfile = updateProfile(str, new UpdateCallback() { // from class: org.craftercms.profile.services.impl.ProfileServiceImpl.9
            @Override // org.craftercms.profile.services.impl.ProfileServiceImpl.UpdateCallback
            public void doWithProfile(ProfileUpdater profileUpdater) throws ProfileException {
                ProfileServiceImpl.this.rejectAttributesIfActionNotAllowed(profileUpdater.getProfile().getTenant(), map.keySet(), AttributeAction.WRITE_ATTRIBUTE);
                profileUpdater.addAttributes(map);
            }
        }, strArr);
        if (logger.isDebugEnabled()) {
            logger.debug(LOG_KEY_PROFILE_ATTRIBS_UPDATED, map.keySet(), str);
        }
        return updateProfile;
    }

    @Override // org.craftercms.profile.api.services.ProfileService
    public Profile removeAttributes(String str, final Collection<String> collection, String... strArr) throws ProfileException {
        Profile updateProfile = updateProfile(str, new UpdateCallback() { // from class: org.craftercms.profile.services.impl.ProfileServiceImpl.10
            @Override // org.craftercms.profile.services.impl.ProfileServiceImpl.UpdateCallback
            public void doWithProfile(ProfileUpdater profileUpdater) throws ProfileException {
                ProfileServiceImpl.this.rejectAttributesIfActionNotAllowed(profileUpdater.getProfile().getTenant(), collection, AttributeAction.REMOVE_ATTRIBUTE);
                profileUpdater.removeAttributes(collection);
            }
        }, strArr);
        logger.debug(LOG_KEY_PROFILE_ATTRIBS_REMOVED, collection, str);
        return updateProfile;
    }

    @Override // org.craftercms.profile.api.services.ProfileService
    public void deleteProfile(String str) throws ProfileException {
        try {
            if (getProfile(str, new String[0]) != null) {
                this.profileRepository.removeById(str);
            }
            logger.debug(LOG_KEY_PROFILE_DELETED, str);
        } catch (MongoDataException e) {
            throw new I10nProfileException(ERROR_KEY_DELETE_PROFILE_ERROR, e, str);
        }
    }

    @Override // org.craftercms.profile.api.services.ProfileService
    public Profile getProfileByQuery(String str, String str2, String... strArr) throws ProfileException {
        checkIfManageProfilesIsAllowed(str);
        Tenant tenant = getTenant(str);
        try {
            Profile findOneByQuery = this.profileRepository.findOneByQuery(getFinalQuery(tenant, str2), strArr);
            filterNonReadableAttributes(tenant, findOneByQuery);
            return findOneByQuery;
        } catch (MongoDataException e) {
            throw new I10nProfileException(ERROR_KEY_GET_PROFILE_BY_QUERY_ERROR, e, str2);
        }
    }

    @Override // org.craftercms.profile.api.services.ProfileService
    public Profile getProfile(String str, String... strArr) throws ProfileException {
        try {
            Profile findById = this.profileRepository.findById(str, strArr);
            if (findById != null) {
                checkIfManageProfilesIsAllowed(findById.getTenant());
                filterNonReadableAttributes(findById);
            }
            return findById;
        } catch (MongoDataException e) {
            throw new I10nProfileException(ERROR_KEY_GET_PROFILE_ERROR, e, str);
        }
    }

    @Override // org.craftercms.profile.api.services.ProfileService
    public Profile getProfileByUsername(String str, String str2, String... strArr) throws ProfileException {
        checkIfManageProfilesIsAllowed(str);
        try {
            Profile findByTenantAndUsername = this.profileRepository.findByTenantAndUsername(str, str2, strArr);
            filterNonReadableAttributes(findByTenantAndUsername);
            return findByTenantAndUsername;
        } catch (MongoDataException e) {
            throw new I10nProfileException(ERROR_KEY_GET_PROFILE_BY_USERNAME_ERROR, e, str2, str);
        }
    }

    @Override // org.craftercms.profile.api.services.ProfileService
    public Profile getProfileByTicket(String str, String... strArr) throws ProfileException {
        Ticket ticket = this.authenticationService.getTicket(str);
        if (ticket != null) {
            return getProfile(ticket.getProfileId(), strArr);
        }
        throw new NoSuchTicketException(str);
    }

    @Override // org.craftercms.profile.api.services.ProfileService
    public long getProfileCount(String str) throws ProfileException {
        checkIfManageProfilesIsAllowed(str);
        try {
            return this.profileRepository.countByTenant(str);
        } catch (MongoDataException e) {
            throw new I10nProfileException(ERROR_KEY_GET_PROFILE_COUNT_ERROR, e, str);
        }
    }

    @Override // org.craftercms.profile.api.services.ProfileService
    public long getProfileCountByQuery(String str, String str2) throws ProfileException {
        checkIfManageProfilesIsAllowed(str);
        Tenant tenant = getTenant(str);
        try {
            return this.profileRepository.count(getFinalQuery(tenant, str2));
        } catch (MongoDataException e) {
            throw new I10nProfileException(ERROR_KEY_GET_PROFILE_COUNT_BY_QUERY_ERROR, e, tenant, str2);
        }
    }

    @Override // org.craftercms.profile.api.services.ProfileService
    public List<Profile> getProfilesByQuery(String str, String str2, String str3, SortOrder sortOrder, Integer num, Integer num2, String... strArr) throws ProfileException {
        checkIfManageProfilesIsAllowed(str);
        Tenant tenant = getTenant(str);
        try {
            List<Profile> list = IterableUtils.toList(this.profileRepository.findByQuery(getFinalQuery(tenant, str2), str3, sortOrder, num, num2, strArr));
            filterNonReadableAttributes(tenant, list);
            return list;
        } catch (MongoDataException e) {
            throw new I10nProfileException(ERROR_KEY_GET_PROFILES_BY_QUERY_ERROR, e, tenant, str2);
        }
    }

    @Override // org.craftercms.profile.api.services.ProfileService
    public List<Profile> getProfilesByIds(List<String> list, String str, SortOrder sortOrder, String... strArr) throws ProfileException {
        try {
            List<Profile> list2 = IterableUtils.toList(this.profileRepository.findByIds(list, str, sortOrder, strArr));
            if (list2 != null) {
                for (Profile profile : list2) {
                    checkIfManageProfilesIsAllowed(profile.getTenant());
                    filterNonReadableAttributes(profile);
                }
            }
            return list2;
        } catch (MongoDataException e) {
            throw new I10nProfileException(ERROR_KEY_GET_PROFILES_ERROR, e, list);
        }
    }

    @Override // org.craftercms.profile.api.services.ProfileService
    public List<Profile> getProfileRange(String str, String str2, SortOrder sortOrder, Integer num, Integer num2, String... strArr) throws ProfileException {
        checkIfManageProfilesIsAllowed(str);
        try {
            List<Profile> list = IterableUtils.toList(this.profileRepository.findRange(str, str2, sortOrder, num, num2, strArr));
            filterNonReadableAttributes(list);
            return list;
        } catch (MongoDataException e) {
            throw new I10nProfileException(ERROR_KEY_GET_PROFILE_RANGE_ERROR, e, num, num2, str);
        }
    }

    @Override // org.craftercms.profile.api.services.ProfileService
    public List<Profile> getProfilesByRole(String str, String str2, String str3, SortOrder sortOrder, String... strArr) throws ProfileException {
        checkIfManageProfilesIsAllowed(str);
        try {
            List<Profile> list = IterableUtils.toList(this.profileRepository.findByTenantAndRole(str, str2, str3, sortOrder, strArr));
            filterNonReadableAttributes(list);
            return list;
        } catch (MongoDataException e) {
            throw new I10nProfileException(ERROR_KEY_GET_PROFILES_BY_ROLE_ERROR, e, str2, str);
        }
    }

    @Override // org.craftercms.profile.api.services.ProfileService
    public List<Profile> getProfilesByExistingAttribute(String str, String str2, String str3, SortOrder sortOrder, String... strArr) throws ProfileException {
        checkIfManageProfilesIsAllowed(str);
        try {
            List<Profile> list = IterableUtils.toList(this.profileRepository.findByTenantAndExistingAttribute(str, str2, str3, sortOrder, strArr));
            filterNonReadableAttributes(list);
            return list;
        } catch (MongoDataException e) {
            throw new I10nProfileException(ERROR_KEY_GET_PROFILES_BY_EXISTING_ATTRIB_ERROR, e, str2, str);
        }
    }

    @Override // org.craftercms.profile.api.services.ProfileService
    public List<Profile> getProfilesByAttributeValue(String str, String str2, String str3, String str4, SortOrder sortOrder, String... strArr) throws ProfileException {
        checkIfManageProfilesIsAllowed(str);
        try {
            List<Profile> list = IterableUtils.toList(this.profileRepository.findByTenantAndAttributeValue(str, str2, str3, str4, sortOrder, strArr));
            filterNonReadableAttributes(list);
            return list;
        } catch (MongoDataException e) {
            throw new I10nProfileException(ERROR_KEY_GET_PROFILES_BY_ATTRIB_VALUE_ERROR, e, str2, str3, str);
        }
    }

    @Override // org.craftercms.profile.api.services.ProfileService
    public Profile resetPassword(String str, String str2, String... strArr) throws ProfileException {
        Profile nonNullProfile = getNonNullProfile(str, strArr);
        this.verificationService.sendEmail(this.verificationService.createToken(nonNullProfile), nonNullProfile, str2, this.resetPwdEmailFromAddress, this.resetPwdEmailSubject, this.resetPwdEmailTemplateName);
        return nonNullProfile;
    }

    @Override // org.craftercms.profile.api.services.ProfileService
    public Profile changePassword(String str, final String str2, String... strArr) throws ProfileException {
        VerificationToken token = this.verificationService.getToken(str);
        if (token == null) {
            throw new NoSuchVerificationTokenException(str);
        }
        Profile updateProfile = updateProfile(token.getProfileId(), new UpdateCallback() { // from class: org.craftercms.profile.services.impl.ProfileServiceImpl.11
            @Override // org.craftercms.profile.services.impl.ProfileServiceImpl.UpdateCallback
            public void doWithProfile(ProfileUpdater profileUpdater) throws ProfileException {
                profileUpdater.setPassword(CipherUtils.hashPassword(str2));
            }
        }, strArr);
        this.verificationService.deleteToken(str);
        logger.debug(LOG_KEY_PASSWORD_CHANGED, updateProfile.getId().toString());
        return updateProfile;
    }

    @Override // org.craftercms.profile.api.services.ProfileService
    public VerificationToken createVerificationToken(String str) throws ProfileException {
        return this.verificationService.createToken(getNonNullProfile(str, new String[0]));
    }

    @Override // org.craftercms.profile.api.services.ProfileService
    public VerificationToken getVerificationToken(String str) throws ProfileException {
        return this.verificationService.getToken(str);
    }

    @Override // org.craftercms.profile.api.services.ProfileService
    public void deleteVerificationToken(String str) throws ProfileException {
        this.verificationService.deleteToken(str);
    }

    @Override // org.craftercms.profile.api.services.ProfileService
    public ProfileAttachment addProfileAttachment(String str, String str2, InputStream inputStream) throws ProfileException {
        String str3 = "/" + str + "/" + FilenameUtils.removeExtension(str2);
        try {
            ObjectId checkIfAttchmentExist = checkIfAttchmentExist(str3);
            return fileInfoToProfileAttachment(checkIfAttchmentExist != null ? this.profileRepository.updateFile(checkIfAttchmentExist, inputStream, str3, getAttachmentContentType(str2), true) : this.profileRepository.saveFile(inputStream, str3, getAttachmentContentType(str2)));
        } catch (FileNotFoundException | SecurityException | FileExistsException | MongoDataException e) {
            if (e instanceof SecurityException) {
                throw new ProfileException("The given ContentType is not allowed", e);
            }
            throw new ProfileException("Unable to Attach file to Profile", e);
        }
    }

    private ObjectId checkIfAttchmentExist(String str) {
        ObjectId objectId = null;
        try {
            objectId = this.profileRepository.getFileInfo(str).getFileId();
        } catch (FileNotFoundException e) {
        }
        return objectId;
    }

    private ProfileAttachment fileInfoToProfileAttachment(FileInfo fileInfo) {
        if (fileInfo == null) {
            return new ProfileAttachment();
        }
        ProfileAttachment profileAttachment = new ProfileAttachment();
        profileAttachment.setContentType(fileInfo.getContentType());
        profileAttachment.setMd5(fileInfo.getMd5());
        profileAttachment.setFileName(fileInfo.getStoreName().substring(fileInfo.getStoreName().lastIndexOf("/") + 1));
        profileAttachment.setFileSize(fileInfo.getFileSize());
        profileAttachment.setFileSizeBytes(fileInfo.getFileSizeBytes());
        profileAttachment.setId(fileInfo.getFileId().toString());
        return profileAttachment;
    }

    private String getAttachmentContentType(String str) {
        String contentType = new MimetypesFileTypeMap().getContentType(str);
        if (this.validAttachmentMimeTypes.contains(contentType)) {
            return contentType;
        }
        throw new SecurityException("File " + str + " if of content Type " + contentType + " which is not allowed");
    }

    @Override // org.craftercms.profile.api.services.ProfileService
    public ProfileAttachment getProfileAttachmentInformation(String str, String str2) throws ProfileException {
        try {
            return fileInfoToProfileAttachment(this.profileRepository.getFileInfo("/" + str + "/" + str2));
        } catch (FileNotFoundException e) {
            return new ProfileAttachment();
        }
    }

    @Override // org.craftercms.profile.api.services.ProfileService
    public InputStream getProfileAttachment(String str, String str2) throws ProfileException {
        try {
            return this.profileRepository.readFile("/" + str2 + "/" + str).getInputStream();
        } catch (FileNotFoundException e) {
            return new ByteArrayInputStream(new byte[0]);
        }
    }

    @Override // org.craftercms.profile.api.services.ProfileService
    public List<ProfileAttachment> getProfileAttachments(String str) throws ProfileException {
        List<FileInfo> listFilesByName = this.profileRepository.listFilesByName(str);
        ArrayList arrayList = new ArrayList();
        Iterator<FileInfo> it = listFilesByName.iterator();
        while (it.hasNext()) {
            arrayList.add(fileInfoToProfileAttachment(it.next()));
        }
        return arrayList;
    }

    protected void checkIfManageProfilesIsAllowed(String str) {
        if (!this.tenantPermissionEvaluator.isAllowed(str, TenantAction.MANAGE_PROFILES.toString())) {
            throw new ActionDeniedException(TenantAction.MANAGE_PROFILES.toString(), "tenant \"" + str + "\"");
        }
    }

    protected Profile getNonNullProfile(String str, String... strArr) throws ProfileException {
        Profile profile = getProfile(str, strArr);
        if (profile != null) {
            return profile;
        }
        throw new NoSuchProfileException(str);
    }

    protected Tenant getTenant(String str) throws ProfileException {
        Tenant tenant = this.tenantService.getTenant(str);
        if (tenant != null) {
            return tenant;
        }
        throw new NoSuchTenantException(str);
    }

    protected Profile updateProfile(String str, UpdateCallback updateCallback, String... strArr) throws ProfileException {
        Profile nonNullProfile = getNonNullProfile(str, new String[0]);
        ProfileUpdater profileUpdater = new ProfileUpdater(nonNullProfile, new UpdateHelper(), this.profileRepository);
        updateCallback.doWithProfile(profileUpdater);
        profileUpdater.setLastModified(new Date());
        try {
            profileUpdater.update();
            return filterAttributes(nonNullProfile, strArr);
        } catch (MongoDataException e) {
            throw new I10nProfileException(ERROR_KEY_UPDATE_PROFILE_ERROR, e, str);
        }
    }

    protected boolean isAttributeActionAllowed(AttributeDefinition attributeDefinition, AttributeAction attributeAction) {
        return this.attributePermissionEvaluator.isAllowed(attributeDefinition, attributeAction.toString());
    }

    protected Profile filterAttributes(Profile profile, String[] strArr) {
        if (ArrayUtils.isNotEmpty(strArr) && MapUtils.isNotEmpty(profile.getAttributes())) {
            Iterator<String> it = profile.getAttributes().keySet().iterator();
            while (it.hasNext()) {
                if (!ArrayUtils.contains(strArr, it.next())) {
                    it.remove();
                }
            }
        }
        return profile;
    }

    protected void filterNonReadableAttributes(Profile profile) throws ProfileException {
        if (profile != null) {
            filterNonReadableAttributes(getTenant(profile.getTenant()), profile);
        }
    }

    protected void filterNonReadableAttributes(Tenant tenant, Profile profile) throws ProfileException {
        if (profile != null) {
            List<AttributeDefinition> attributeDefinitions = tenant.getAttributeDefinitions();
            Iterator<String> it = profile.getAttributes().keySet().iterator();
            while (it.hasNext()) {
                filterAttributeIfReadNotAllowed(tenant, it, attributeDefinitions);
            }
        }
    }

    protected void filterNonReadableAttributes(Iterable<Profile> iterable) throws ProfileException {
        if (iterable != null) {
            Iterator<Profile> it = iterable.iterator();
            while (it.hasNext()) {
                filterNonReadableAttributes(it.next());
            }
        }
    }

    protected void filterNonReadableAttributes(Tenant tenant, Iterable<Profile> iterable) throws ProfileException {
        if (iterable != null) {
            Iterator<Profile> it = iterable.iterator();
            while (it.hasNext()) {
                filterNonReadableAttributes(tenant, it.next());
            }
        }
    }

    protected void rejectAttributesIfActionNotAllowed(String str, Collection<String> collection, AttributeAction attributeAction) throws ProfileException {
        rejectAttributesIfActionNotAllowed(getTenant(str), collection, attributeAction);
    }

    protected void rejectAttributesIfActionNotAllowed(Tenant tenant, Collection<String> collection, AttributeAction attributeAction) throws ProfileException {
        List<AttributeDefinition> attributeDefinitions = tenant.getAttributeDefinitions();
        Iterator<String> it = collection.iterator();
        while (it.hasNext()) {
            rejectAttributeIfActionNotAllowed(tenant, it.next(), attributeAction, attributeDefinitions);
        }
    }

    protected void filterAttributeIfReadNotAllowed(Tenant tenant, Iterator<String> it, List<AttributeDefinition> list) throws PermissionException, AttributeNotDefinedException {
        String name = tenant.getName();
        String next = it.next();
        AttributeDefinition findAttributeDefinition = findAttributeDefinition(list, next);
        if (findAttributeDefinition == null) {
            throw new AttributeNotDefinedException(next, name);
        }
        if (isAttributeActionAllowed(findAttributeDefinition, AttributeAction.READ_ATTRIBUTE)) {
            return;
        }
        it.remove();
    }

    protected void rejectAttributeIfActionNotAllowed(Tenant tenant, String str, AttributeAction attributeAction, List<AttributeDefinition> list) throws PermissionException, AttributeNotDefinedException {
        AttributeDefinition findAttributeDefinition = findAttributeDefinition(list, str);
        if (findAttributeDefinition == null) {
            throw new AttributeNotDefinedException(str, tenant.getName());
        }
        if (!isAttributeActionAllowed(findAttributeDefinition, attributeAction)) {
            throw new ActionDeniedException(attributeAction.toString(), "attribute \"" + str + "\"");
        }
    }

    protected String getFinalQuery(Tenant tenant, String str) throws ProfileException {
        validateQuery(tenant, str);
        return String.format(QUERY_FINAL_FORMAT, tenant.getName(), str);
    }

    protected void validateQuery(Tenant tenant, String str) throws ProfileException {
        if (QUERY_TENANT_PATTERN.matcher(str).find()) {
            throw new InvalidQueryException(ERROR_KEY_TENANT_NOT_ALLOWED, new Object[0]);
        }
        if (QUERY_WHERE_PATTERN.matcher(str).find()) {
            throw new InvalidQueryException(ERROR_KEY_WHERE_NOT_ALLOWED, new Object[0]);
        }
        for (AttributeDefinition attributeDefinition : tenant.getAttributeDefinitions()) {
            if (!this.attributePermissionEvaluator.isAllowed(attributeDefinition, AttributeAction.READ_ATTRIBUTE.toString())) {
                String name = attributeDefinition.getName();
                if (Pattern.compile(String.format(QUERY_ATTRIBUTE_PATTERN_FORMAT, name)).matcher(str).find()) {
                    throw new InvalidQueryException(ERROR_KEY_ATTRIBUTE_NOT_ALLOWED, name);
                }
            }
        }
    }

    public void setValidAttachmentMimeTypes(String str) {
        if (StringUtils.isNotBlank(str)) {
            this.validAttachmentMimeTypes = Arrays.asList(str.split(","));
        } else {
            this.validAttachmentMimeTypes = Collections.EMPTY_LIST;
        }
    }

    protected AttributeDefinition findAttributeDefinition(List<AttributeDefinition> list, final String str) {
        return (AttributeDefinition) CollectionUtils.find(list, new Predicate<AttributeDefinition>() { // from class: org.craftercms.profile.services.impl.ProfileServiceImpl.12
            @Override // org.apache.commons.collections4.Predicate
            public boolean evaluate(AttributeDefinition attributeDefinition) {
                return attributeDefinition.getName().equals(str);
            }
        });
    }
}
