package org.apache.guacamole.rest.user;

import com.google.inject.assistedinject.Assisted;
import com.google.inject.assistedinject.AssistedInject;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.GuacamoleSecurityException;
import org.apache.guacamole.GuacamoleUnsupportedException;
import org.apache.guacamole.net.auth.AuthenticatedUser;
import org.apache.guacamole.net.auth.Credentials;
import org.apache.guacamole.net.auth.Directory;
import org.apache.guacamole.net.auth.User;
import org.apache.guacamole.net.auth.UserContext;
import org.apache.guacamole.net.auth.credentials.GuacamoleCredentialsException;
import org.apache.guacamole.net.auth.simple.SimpleActivityRecordSet;
import org.apache.guacamole.net.event.DirectoryEvent;
import org.apache.guacamole.rest.directory.DirectoryObjectResource;
import org.apache.guacamole.rest.directory.DirectoryObjectTranslator;
import org.apache.guacamole.rest.history.UserHistoryResource;
import org.apache.guacamole.rest.identifier.RelatedObjectSetResource;
import org.apache.guacamole.rest.permission.APIPermissionSet;
import org.apache.guacamole.rest.permission.PermissionSetResource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Produces({MediaType.APPLICATION_JSON})
@Consumes({MediaType.APPLICATION_JSON})
/* loaded from: input_file:WEB-INF/classes/org/apache/guacamole/rest/user/UserResource.class */
public class UserResource extends DirectoryObjectResource<User, APIUser> {
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) UserResource.class);

    @AssistedInject
    public UserResource(@Assisted AuthenticatedUser authenticatedUser, @Assisted UserContext userContext, @Assisted Directory<User> directory, @Assisted User user, DirectoryObjectTranslator<User, APIUser> directoryObjectTranslator) {
        super(authenticatedUser, userContext, User.class, directory, user, directoryObjectTranslator);
    }

    @Path("history")
    public UserHistoryResource getUserHistory() throws GuacamoleException {
        User internalObject = getInternalObject();
        try {
            return new UserHistoryResource(internalObject.getUserHistory());
        } catch (GuacamoleUnsupportedException e) {
            logger.debug("Call to getUserHistory() is unsupported, falling back to deprecated method getHistory().", (Throwable) e);
            try {
                return new UserHistoryResource(new SimpleActivityRecordSet(internalObject.getHistory()));
            } catch (GuacamoleUnsupportedException e2) {
                logger.debug("Call to getHistory() is unsupported, no user history records will be returned.", (Throwable) e2);
                return new UserHistoryResource(new SimpleActivityRecordSet());
            }
        }
    }

    @Override // org.apache.guacamole.rest.directory.DirectoryObjectResource
    public void updateObject(APIUser aPIUser) throws GuacamoleException {
        try {
            if (getUserContext().self().getIdentifier().equals(aPIUser.getUsername()) && aPIUser.getPassword() != null) {
                throw new GuacamoleSecurityException("Permission denied. The password update endpoint must be used to change the current user's password.");
            }
            super.updateObject((UserResource) aPIUser);
        } catch (Error | RuntimeException | GuacamoleException e) {
            fireDirectoryFailureEvent(DirectoryEvent.Operation.UPDATE, e);
            throw e;
        }
    }

    @Path("password")
    @PUT
    public void updatePassword(APIUserPasswordUpdate aPIUserPasswordUpdate, @Context HttpServletRequest httpServletRequest) throws GuacamoleException {
        User internalObject = getInternalObject();
        try {
            if (getUserContext().getAuthenticationProvider().authenticateUser(new Credentials(internalObject.getIdentifier(), aPIUserPasswordUpdate.getOldPassword(), httpServletRequest)) == null) {
                throw new GuacamoleSecurityException("Permission denied.");
            }
            try {
                internalObject.setPassword(aPIUserPasswordUpdate.getNewPassword());
                getDirectory().update(internalObject);
                fireDirectorySuccessEvent(DirectoryEvent.Operation.UPDATE);
            } catch (Error | RuntimeException | GuacamoleException e) {
                fireDirectoryFailureEvent(DirectoryEvent.Operation.UPDATE, e);
                throw e;
            }
        } catch (GuacamoleCredentialsException e2) {
            throw new GuacamoleSecurityException("Permission denied.");
        }
    }

    @Path("permissions")
    public PermissionSetResource getPermissions() {
        return new PermissionSetResource(getInternalObject());
    }

    @GET
    @Path("effectivePermissions")
    public APIPermissionSet getEffectivePermissions() throws GuacamoleException {
        return new APIPermissionSet(getInternalObject().getEffectivePermissions());
    }

    @Path("userGroups")
    public RelatedObjectSetResource getUserGroups() throws GuacamoleException {
        return new RelatedObjectSetResource(getInternalObject().getUserGroups());
    }
}
