package com.yonyou.uap.tenant.web.controller;

import com.aliyun.mns.common.utils.ServiceConstants;
import com.yonyou.uap.tenant.entity.PasswordLevel;
import com.yonyou.uap.tenant.entity.Tenant;
import com.yonyou.uap.tenant.entity.TenantRes;
import com.yonyou.uap.tenant.entity.TenantUser;
import com.yonyou.uap.tenant.entity.UserPermission;
import com.yonyou.uap.tenant.sdk.PasswordPolicyUtils;
import com.yonyou.uap.tenant.service.itf.IAuthResService;
import com.yonyou.uap.tenant.service.itf.IResGroupService;
import com.yonyou.uap.tenant.service.itf.IResTenantService;
import com.yonyou.uap.tenant.service.itf.ITenantRes;
import com.yonyou.uap.tenant.service.itf.ITenantService;
import com.yonyou.uap.tenant.service.itf.ITenantUserService;
import com.yonyou.uap.tenant.service.itf.ITransactionalService;
import com.yonyou.uap.tenant.service.itf.IUserPermissionService;
import com.yonyou.uap.tenant.service.itf.IUserWeiXinService;
import com.yonyou.uap.tenant.utils.Constants;
import com.yonyou.uap.tenant.utils.DateUtils;
import com.yonyou.uap.tenant.utils.EventUtils;
import com.yonyou.uap.tenant.utils.IDGenerator;
import com.yonyou.uap.tenant.utils.JsonResponse;
import com.yonyou.uap.tenant.utils.PasswordUtils;
import com.yonyou.uap.tenant.utils.ValidatorResultHandler;
import com.yonyou.uap.tenant.utils.securitylog.UserAuthSecurityLogUtils;
import com.yonyou.uap.tenant.utils.securitylog.UserSecurityLogUtils;
import com.yonyou.uap.tenant.web.filter.PerformanceLoggerCollector;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.validation.groups.Default;
import net.sf.json.JSONArray;
import net.sf.json.JSONObject;
import org.apache.batik.util.SVGConstants;
import org.apache.commons.lang.StringUtils;
import org.apache.shiro.realm.text.IniRealm;
import org.apache.shiro.web.servlet.ShiroHttpServletRequest;
import org.joda.time.DateTimeConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.domain.Page;
import org.springframework.data.domain.PageRequest;
import org.springframework.data.domain.Sort;
import org.springframework.orm.ObjectOptimisticLockingFailureException;
import org.springframework.ui.Model;
import org.springframework.validation.BindingResult;
import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.multipart.MultipartFile;
import org.springframework.web.multipart.MultipartHttpServletRequest;
import org.springframework.web.multipart.commons.CommonsMultipartResolver;
import org.springframework.web.util.TagUtils;
import org.springside.modules.persistence.SearchFilter;
import uap.web.cache.CacheManager;
import uap.web.file.fdfs.FastdfsClient;
import uap.web.utils.PropertyUtil;
import uap.web.utils.RSAUtils;

@RequestMapping({"/rest/user"})
@RestController
/* loaded from: input_file:WEB-INF/classes/com/yonyou/uap/tenant/web/controller/TenantUserRestController.class */
public class TenantUserRestController {
    // Per-instance SLF4J logger; several handlers in this class pass request-supplied
    // identifiers (user id, login name) straight into the log message text.
    private final Logger logger = LoggerFactory.getLogger(getClass());

    // User lookup, persistence, uniqueness/validation checks and the JSON serialisation config.
    @Autowired
    private ITenantUserService userService;

    // Resolves a resource code to its resource id when grants are created for a new user.
    @Autowired
    private IAuthResService authResService;

    // Stores per-user resource grants and answers havePermission(userId, resCode).
    @Autowired
    private IUserPermissionService userPermissionService;

    // Tenant lookup used during login and password change.
    @Autowired
    private ITenantService tenantService;

    // Tells validateSingleRes whether a resource needs a tenant (isNeedTenant).
    @Autowired
    private IResTenantService resTenantService;

    @Autowired
    private ITransactionalService transactionalService;

    // Dispatches the after-add / after-update / after-delete user events.
    @Autowired
    private EventUtils eventUtil;

    // Password policy: default password, lock state, expiry, failed-attempt threshold.
    @Autowired
    private PasswordPolicyUtils passwordUtil;

    // Tenant-to-application subscription records (state, end date).
    @Autowired
    private ITenantRes tenantResService;

    // Holds the failed-password counter under the key "errorPasswordCount_" + userId.
    @Autowired
    protected CacheManager cacheManager;

    // Audit log for authentication outcomes (onAuthFailed / onAuthSuccess).
    @Autowired
    private UserAuthSecurityLogUtils userAuthSecurityLogUtils;

    // Resolves a group code to its member resource codes.
    @Autowired
    private IResGroupService resGroupService;

    @Autowired
    private IUserWeiXinService weiXinService;

    // Audit log for user-management actions (used on successful delete).
    @Autowired
    private UserSecurityLogUtils userSecurityLogUtils;

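    /**
     * Returns one page of the users that belong to a tenant, optionally narrowed by
     * user code and user name (both matched with a LIKE filter).
     *
     * <p>Request parameters read directly from the servlet request: {@code tenantId}
     * (required), {@code userCode} and {@code userName} (optional, percent-encoded).
     *
     * <p>Compared with the decompiled original, malformed percent-escapes and
     * non-positive paging values are now answered with a failure response instead of
     * escaping as an unchecked {@link IllegalArgumentException}.
     *
     * <p>NOTE(review): {@code tenantId} is taken from the caller and nothing in this
     * method ties it to the caller's own tenant; confirm that an upstream filter
     * enforces tenant isolation for this endpoint. {@code ps} has no upper bound here,
     * so a caller chooses how many rows one request loads.
     *
     * @param i              1-based page number ({@code pn})
     * @param i2             page size ({@code ps})
     * @param str            sort type, {@code "auto"} or {@code "name"}
     * @param model          unused
     * @param servletRequest request carrying the filter parameters
     * @return a success response with the page under the users key, or a failure response
     */
    @RequestMapping(value = {TagUtils.SCOPE_PAGE}, method = {RequestMethod.GET})
    public JsonResponse userList(@RequestParam(value = "pn", defaultValue = "1") int i, @RequestParam(value = "ps", defaultValue = "20") int i2, @RequestParam(value = "sortType", defaultValue = "auto") String str, Model model, ServletRequest servletRequest) {
        HashMap hashMap = new HashMap();
        String parameter = servletRequest.getParameter("tenantId");
        String parameter2 = servletRequest.getParameter("userCode");
        String parameter3 = servletRequest.getParameter("userName");
        try {
            try {
                // Re-interpret the container's ISO-8859-1 decoding in the default encoding, then percent-decode.
                if (StringUtils.isNotBlank(parameter2)) {
                    parameter2 = URLDecoder.decode(new String(parameter2.getBytes("ISO-8859-1"), ServiceConstants.DEFAULT_ENCODING), ServiceConstants.DEFAULT_ENCODING);
                }
                if (StringUtils.isNotBlank(parameter3)) {
                    parameter3 = URLDecoder.decode(new String(parameter3.getBytes("ISO-8859-1"), ServiceConstants.DEFAULT_ENCODING), ServiceConstants.DEFAULT_ENCODING);
                }
            } catch (IllegalArgumentException malformedEscape) {
                // URLDecoder signals an incomplete or illegal %-escape with IllegalArgumentException.
                return new JsonResponse(0, "url解码错误");
            }
            if (StringUtils.isBlank(parameter)) {
                return new JsonResponse(0, "租户ID不能为空");
            }
            // PageRequest rejects a negative page index; answer with a normal failure instead.
            if (i < 1 || i2 < 1) {
                return new JsonResponse(0, "分页参数不合法");
            }
            PageRequest buildPageRequest = buildPageRequest(i, i2, str);
            if (!StringUtils.isBlank(parameter2)) {
                hashMap.put(SearchFilter.Operator.LIKE + "_userCode", parameter2);
            }
            if (!StringUtils.isBlank(parameter3)) {
                hashMap.put(SearchFilter.Operator.LIKE + "_userName", parameter3);
            }
            hashMap.put(SearchFilter.Operator.EQ + "_tenantId", parameter);
            Page<TenantUser> userPage = this.userService.getUserPage(hashMap, buildPageRequest);
            for (TenantUser user : userPage.getContent()) {
                dealUserAvator(user);
            }
            JsonResponse jsonResponse = new JsonResponse();
            jsonResponse.success();
            jsonResponse.put(IniRealm.USERS_SECTION_NAME, JSONArray.fromObject(userPage, this.userService.getUserJsonConfig(false)));
            return jsonResponse;
        } catch (UnsupportedEncodingException e) {
            return new JsonResponse(0, "url解码错误");
        }
    }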

    /**
     * Looks a user up by id and returns it serialised with the service's JSON config.
     *
     * <p>Any exception raised by the lookup or serialisation is reported as a
     * duplicate-data failure; the message echoes the requested id.
     *
     * <p>NOTE(review): the path value is concatenated unmodified into both the log
     * line and the response message, and no ownership or tenant check is visible
     * here; confirm access control is applied before this handler runs.
     *
     * @param str the user id taken from the path
     * @return a success response carrying the user, or a failure response
     */
    @RequestMapping(value = {"/{userId}"}, method = {RequestMethod.GET})
    public JsonResponse getUserById(@PathVariable("userId") String str) {
        final JsonResponse reply = new JsonResponse();
        try {
            final TenantUser found = this.userService.findByUserId(str);
            dealUserAvator(found);
            reply.success();
            reply.put("user", JSONObject.fromObject(found, this.userService.getUserJsonConfig(false)));
        } catch (Exception lookupFailure) {
            final String detail = "用重复数据，userId = " + str;
            this.logger.error(detail, (Throwable) lookupFailure);
            reply.failed(detail);
        }
        return reply;
    }

    /**
     * Reports whether a telephone number is already registered.
     *
     * <p>NOTE(review): this answers an existence question for an arbitrary number;
     * if the endpoint is reachable without authentication it lets a caller test
     * which numbers have accounts. Confirm upstream access control or rate limiting.
     *
     * @param str the telephone number taken from the path
     * @return a success response whose {@code flag} is 1 when the number exists, else 0
     */
    @RequestMapping(value = {"istelexist/{tel}"}, method = {RequestMethod.GET})
    public JsonResponse isTelExist(@PathVariable("tel") String str) {
        final JsonResponse reply = new JsonResponse();
        final boolean registered = this.userService.isTelExist(str);
        reply.success();
        reply.put("flag", Integer.valueOf(registered ? 1 : 0));
        return reply;
    }

    /**
     * Reports whether a user code is already taken.
     *
     * <p>NOTE(review): like the telephone check, this confirms account existence for
     * any supplied code; confirm upstream access control or rate limiting.
     *
     * @param str the user code taken from the path (dots allowed by the {@code .+} pattern)
     * @return a success response whose {@code flag} is 1 when the code exists, else 0
     */
    @RequestMapping(value = {"isusercodeexist/{usercode:.+}"}, method = {RequestMethod.GET})
    public JsonResponse isUserCodeExist(@PathVariable("usercode") String str) {
        final JsonResponse reply = new JsonResponse();
        final boolean taken = this.userService.isUserCodeExist(str);
        reply.success();
        reply.put("flag", Integer.valueOf(taken ? 1 : 0));
        return reply;
    }

    /**
     * Looks a user up by login name and returns it serialised with the service's JSON config.
     *
     * <p>Any exception is reported as bad data in the user table; the message echoes
     * the requested login name.
     *
     * <p>NOTE(review): the login name is concatenated unmodified into the log line and
     * the response, and the full user record is returned for any name supplied;
     * confirm access control is applied before this handler runs.
     *
     * @param str the login name taken from the path
     * @return a success response carrying the user, or a failure response
     */
    @RequestMapping(value = {"loginname/{userName:.+}"}, method = {RequestMethod.GET})
    public JsonResponse getUserByLoginName(@PathVariable("userName") String str) {
        final JsonResponse reply = new JsonResponse();
        try {
            final TenantUser found = this.userService.findByLoginName(str);
            dealUserAvator(found);
            reply.success();
            reply.put("user", JSONObject.fromObject(found, this.userService.getUserJsonConfig(false)));
        } catch (Exception lookupFailure) {
            final String detail = "用户表中按用户名查询有垃圾数据：" + str;
            this.logger.error(detail, (Throwable) lookupFailure);
            reply.failed(detail);
        }
        return reply;
    }

    /**
     * Reports whether the given user code belongs to an administrator.
     *
     * <p>NOTE(review): this discloses which accounts are administrators for any
     * supplied code; confirm the endpoint is not reachable by unauthenticated callers.
     *
     * @param str the user code taken from the path
     * @return a success response whose {@code flag} is 1 for an administrator, else 0
     */
    @RequestMapping(value = {"isadmin/{userCode:.+}"}, method = {RequestMethod.GET})
    public JsonResponse isAdmin(@PathVariable("userCode") String str) {
        final JsonResponse reply = new JsonResponse();
        final boolean admin = this.userService.isAdmin(str);
        reply.success();
        reply.put("flag", Integer.valueOf(admin ? 1 : 0));
        return reply;
    }

    /**
     * Builds the paging request for the user list.
     *
     * <p>The sort property is chosen from a fixed set: {@code "auto"} sorts by
     * {@code userCode}, {@code "name"} by {@code userName}, anything else is unsorted.
     * The caller-supplied sort type never reaches the query as a property name.
     *
     * @param i   1-based page number; converted to the 0-based index PageRequest expects
     * @param i2  page size
     * @param str sort type
     * @return the page request, with a null sort when the sort type is not recognised
     */
    private PageRequest buildPageRequest(int i, int i2, String str) {
        final String sortProperty;
        if ("auto".equals(str)) {
            sortProperty = "userCode";
        } else if ("name".equals(str)) {
            sortProperty = "userName";
        } else {
            sortProperty = null;
        }
        final Sort ordering = sortProperty == null ? null : new Sort(Sort.Direction.ASC, sortProperty);
        return new PageRequest(i - 1, i2, ordering);
    }

    /**
     * Creates an ordinary user (type 3) with the tenant's default password and,
     * when both {@code systemId} and {@code cuser} are supplied, grants the new
     * user the matching resource or resource group.
     *
     * <p>The server overrides the bound {@code typeId} and {@code userId}, so a
     * caller cannot choose the account type or primary key through the form.
     *
     * <p>NOTE(review): the authorizer id ({@code cuser}) recorded on each grant and
     * the {@code tenantId} on the bound user both come from the request; nothing in
     * this method checks them against the authenticated caller. Confirm that an
     * upstream layer does. New accounts start with the tenant-wide default password
     * until the user changes it.
     *
     * @param tenantUser         the user bound from the request and validated
     * @param bindingResult      validation outcome for {@code tenantUser}
     * @param httpServletRequest request carrying {@code cuser} and {@code systemId}
     * @return the validation or uniqueness failure, a success response carrying the
     *         saved user, or a generic save failure
     */
    @RequestMapping(value = {"/user"}, method = {RequestMethod.POST})
    @ResponseBody
    public JsonResponse addUser(@Validated({TenantUser.AddUserChecks.class, Default.class}) TenantUser tenantUser, BindingResult bindingResult, HttpServletRequest httpServletRequest) {
        final JsonResponse bindingOutcome = ValidatorResultHandler.handle(bindingResult);
        if (bindingOutcome.isfailed()) {
            return bindingOutcome;
        }
        final JsonResponse reply = this.userService.checkUnique(tenantUser);
        if (reply.isfailed()) {
            return reply;
        }
        final String authorizerId = httpServletRequest.getParameter("cuser");
        final String systemId = httpServletRequest.getParameter("systemId");
        try {
            tenantUser.setTypeId(3);
            PasswordUtils.setSalt(tenantUser);
            // Two-step encoding: the second call reads the password stored by the first.
            final String defaultPassword = this.passwordUtil.getUserDefaultPassword(tenantUser.getTenantId());
            tenantUser.setUserPassword(PasswordUtils.encodePasswordUsingSHA(defaultPassword));
            tenantUser.setUserPassword(PasswordUtils.encodebyUserCode(tenantUser));
            tenantUser.setPwdstarttime(DateUtils.getCurrectTime());
            tenantUser.setUserId(null);
            final TenantUser saved = this.userService.saveUser(tenantUser);
            dealUserAvator(saved);
            final boolean grantOnCreate = StringUtils.isNotBlank(systemId) && StringUtils.isNotBlank(authorizerId);
            if (grantOnCreate) {
                // A group code expands to every resource the tenant bought; otherwise grant the single resource.
                final String[] resCodes = this.resGroupService.isGroupCode(systemId)
                        ? this.resGroupService.getAllBuyRes(systemId, saved.getTenantId())
                        : new String[]{systemId};
                authWhenAddUser(saved, authorizerId, resCodes);
            }
            this.passwordUtil.afterInsertUser(saved.getTenantId(), saved.getUserId(), saved.getUserPassword());
            this.eventUtil.dispatchAfterAddEvent(saved, systemId);
            reply.successWithData("user", JSONObject.fromObject(saved, this.userService.getUserJsonConfig(false)));
        } catch (Exception saveFailure) {
            this.logger.error(saveFailure.getMessage(), (Throwable) saveFailure);
            reply.failed("保存失败");
        }
        return reply;
    }

    /**
     * Creates one permission record per resource code for a newly added user and
     * saves them in a single call.
     *
     * <p>NOTE(review): {@code str} is stored as the authorizer id exactly as the
     * caller of addUser supplied it, so the audit trail on a grant is only as
     * trustworthy as that request parameter.
     *
     * @param tenantUser the saved user receiving the grants
     * @param str        the authorizer id recorded on each grant
     * @param strArr     the resource codes to grant
     */
    private void authWhenAddUser(TenantUser tenantUser, String str, String[] strArr) {
        final ArrayList grants = new ArrayList();
        for (int index = 0; index < strArr.length; index++) {
            final String resCode = strArr[index];
            final UserPermission grant = new UserPermission();
            grant.setId(IDGenerator.generate());
            grant.setResId(this.authResService.getResId(resCode));
            grant.setResCode(resCode);
            grant.setTenantId(tenantUser.getTenantId());
            grant.setUserId(tenantUser.getUserId());
            grant.setUserCode(tenantUser.getUserCode());
            grant.setAuthorizerId(str);
            grant.setAuthTime(DateUtils.getCurrectTime());
            grants.add(grant);
        }
        this.userPermissionService.save(grants);
    }

    /**
     * Deletes a user by id, then removes the user's password records, dispatches
     * the delete event and writes the audit entry.
     *
     * <p>A tenant administrator (type 1) is never deleted. An optimistic-locking
     * conflict is reported with status 5; any other exception as a generic failure.
     *
     * <p>NOTE(review): the only guard visible here is the administrator check; no
     * comparison between the caller and the target user's tenant is made in this
     * method. Confirm that an upstream layer authorises the caller. The steps after
     * deleteUserByID are not rolled back here if one of them throws.
     *
     * @param str                the id of the user to delete
     * @param httpServletRequest request carrying the optional {@code systemId}
     * @return the outcome of the deletion
     */
    @RequestMapping(value = {"/{userId}"}, method = {RequestMethod.DELETE})
    @ResponseBody
    public JsonResponse delete(@PathVariable("userId") String str, HttpServletRequest httpServletRequest) {
        final JsonResponse reply = new JsonResponse();
        final String systemId = httpServletRequest.getParameter("systemId");
        final TenantUser target = this.userService.findByUserId(str);
        if (target == null) {
            reply.failed("用户不存在");
            return reply;
        }
        if (1 == target.getTypeId()) {
            reply.failed("租户管理员不可删除");
            return reply;
        }
        try {
            this.userService.deleteUserByID(str);
            this.userService.afterDelUser(target);
            this.passwordUtil.afterDeleteUserNeedDeletePwdInfo(new String[]{target.getUserId()});
            this.eventUtil.dispatchAfterDeleteEvent(target, systemId);
            this.userSecurityLogUtils.onDeleteSuccess(httpServletRequest, target);
            reply.success();
        } catch (ObjectOptimisticLockingFailureException staleVersion) {
            this.logger.error(staleVersion.getMessage(), (Throwable) staleVersion);
            reply.setStatus(5);
            reply.setMessage(Constants.OPTIMISTICLOCKINGFAILUREMSM);
        } catch (Exception deleteFailure) {
            this.logger.error(deleteFailure.getMessage(), (Throwable) deleteFailure);
            reply.failed("删除失败");
        }
        return reply;
    }

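    /**
     * Updates an existing user from the bound request object and returns the saved record.
     *
     * <p>Fix over the decompiled original: when the save threw a generic exception
     * the handler recorded the failure and then fell through to the success path,
     * so the caller was told the save succeeded and received the unsaved data. The
     * failure response is now returned immediately.
     *
     * <p>NOTE(review): the record is looked up with the {@code userId} bound from
     * the request body, not with the {@code userId} path variable, so the two can
     * differ and the path value has no effect. No check ties the target user to the
     * caller's tenant in this method; confirm that an upstream layer authorises the update.
     *
     * @param str                the user id from the path (not used for the lookup)
     * @param tenantUser         the new field values bound from the request
     * @param httpServletRequest unused
     * @return the validation failure, a status-5 response on an optimistic-locking
     *         conflict, a generic save failure, or a success response carrying the saved user
     */
    @RequestMapping(value = {"/{userId}"}, method = {RequestMethod.POST})
    @ResponseBody
    public JsonResponse updateUser(@PathVariable("userId") String str, TenantUser tenantUser, HttpServletRequest httpServletRequest) {
        JsonResponse validateUser = this.userService.validateUser(tenantUser);
        if (validateUser.isfailed()) {
            return validateUser;
        }
        String systemId = tenantUser.getSystemId();
        TenantUser findByUserId = this.userService.findByUserId(tenantUser.getUserId());
        if (findByUserId == null) {
            validateUser.failed("不存在这个用户");
            return validateUser;
        }
        this.userService.updateUser(findByUserId, tenantUser);
        findByUserId.setCompanyId(tenantUser.getCompanyId());
        findByUserId.setDepartmentId(tenantUser.getDepartmentId());
        TenantUser saved;
        try {
            saved = this.userService.saveUser(findByUserId);
            dealUserAvator(saved);
            this.eventUtil.dispatchAfterUpdateEvent(saved, systemId);
        } catch (ObjectOptimisticLockingFailureException e) {
            this.logger.error(e.getMessage(), (Throwable) e);
            validateUser.setStatus(5);
            validateUser.setMessage(Constants.OPTIMISTICLOCKINGFAILUREMSM);
            return validateUser;
        } catch (Exception e2) {
            this.logger.error("更新出错!", (Throwable) e2);
            validateUser.failed("保存失败");
            // Stop here: falling through would overwrite the failure with a success response.
            return validateUser;
        }
        validateUser.put("user", JSONObject.fromObject(saved, this.userService.getUserJsonConfig(false)));
        validateUser.success("保存成功");
        return validateUser;
    }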

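    /**
     * Returns the users whose ids are listed in the repeated {@code userIds}
     * request parameter, at most 50 per call.
     *
     * <p>Fix over the decompiled original: a request without any {@code userIds}
     * parameter made {@code getParameterValues} return null and the length check
     * throw a NullPointerException; it is now answered with a failure response.
     *
     * <p>NOTE(review): ids are looked up exactly as supplied, with no tenant
     * restriction visible in this method; confirm that an upstream layer limits
     * which users a caller may read.
     *
     * @param httpServletRequest request carrying the {@code userIds} values
     * @return a success response with the users, or a failure response
     */
    @RequestMapping(value = {"/users"}, method = {RequestMethod.GET})
    @ResponseBody
    public JsonResponse getUsers(HttpServletRequest httpServletRequest) {
        JsonResponse jsonResponse = new JsonResponse();
        String[] parameterValues = httpServletRequest.getParameterValues("userIds");
        if (parameterValues == null || parameterValues.length == 0) {
            return jsonResponse.failedWithReturn("userIds不能为空");
        }
        if (parameterValues.length > 50) {
            return jsonResponse.failedWithReturn("数组大小超过50");
        }
        List<TenantUser> queryUserByPks = this.userService.queryUserByPks(parameterValues);
        for (TenantUser user : queryUserByPks) {
            dealUserAvator(user);
        }
        jsonResponse.successWithData(IniRealm.USERS_SECTION_NAME, JSONArray.fromObject(queryUserByPks, this.userService.getUserJsonConfig(false)));
        return jsonResponse;
    }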

    /**
     * Authenticates a user: checks the account, tenant, application access and
     * password-policy state, verifies the password, and returns the user record.
     *
     * <p>Request parameters: {@code userName}, {@code userPassword} (RSA-encrypted,
     * decrypted with {@code RSAUtils.decryptString}) and {@code systemId}.
     *
     * <p>Order of checks, as written: user exists, user enabled, tenant registered,
     * tenant active, application access, admin lock, self lock, password match,
     * initial/reset password state, password expiry, expiry warning, success.
     * Every check before the password match answers a caller who has not yet proven
     * knowledge of the password.
     *
     * <p>Review notes, all taken from the code below:
     * <ul>
     *   <li>An unknown login name and a wrong password produce different messages,
     *       and the disabled / locked / unregistered-tenant answers are specific to
     *       existing accounts, so responses distinguish existing from non-existing
     *       login names.</li>
     *   <li>The status-4 branch returns the user's mobile number before the
     *       password has been checked.</li>
     *   <li>The {@code user} entry is the raw {@code TenantUser} entity, whereas the
     *       other handlers in this class serialise users through
     *       {@code getUserJsonConfig(false)}. NOTE(review): confirm how JsonResponse
     *       serialises it and that the stored password and salt are not included.</li>
     *   <li>The failed-attempt counter is read and written in separate cache calls
     *       and is not cleared in this method after a successful login.</li>
     *   <li>The outermost catch answers every exception from the whole flow with
     *       the "matched multiple users" message.</li>
     *   <li>Several early returns leave a started PerformanceLoggerCollector timer
     *       without the matching stop.</li>
     * </ul>
     *
     * @param httpServletRequest  request carrying the credentials
     * @param httpServletResponse unused
     * @param model               unused
     * @return the authentication outcome; on success the tenant name, user type and user
     * @throws IOException declared by the signature; nothing in the visible body throws it
     */
    @RequestMapping(method = {RequestMethod.POST}, value = {"validate"})
    public JsonResponse validateUser(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Model model) throws IOException {
        PerformanceLoggerCollector.start("validateUser");
        String parameter = httpServletRequest.getParameter("userName");
        String parameter2 = httpServletRequest.getParameter("userPassword");
        String parameter3 = httpServletRequest.getParameter("systemId");
        JsonResponse jsonResponse = new JsonResponse();
        if (StringUtils.isBlank(parameter) || StringUtils.isBlank(parameter2)) {
            jsonResponse.failed(Constants.STATUSCODE101);
            return jsonResponse;
        }
        PerformanceLoggerCollector.start("queryuser");
        try {
            TenantUser findByLoginName = this.userService.findByLoginName(parameter);
            if (findByLoginName == null) {
                // Unknown login name. The wording differs from the wrong-password message further down.
                jsonResponse.failed("用户或密码不正确");
                this.userAuthSecurityLogUtils.onAuthFailed(parameter, httpServletRequest, jsonResponse.getMessage());
            } else {
                // Account disabled: answered before the password is verified.
                if (findByLoginName.getUserStates() == 0) {
                    jsonResponse.failed(Constants.STATUSCODE102);
                    this.userAuthSecurityLogUtils.onAuthFailed(findByLoginName, httpServletRequest, jsonResponse.getMessage());
                    return jsonResponse;
                }
                PerformanceLoggerCollector.stop("queryuser");
                PerformanceLoggerCollector.start("querytenant");
                Tenant pubTenantById = this.tenantService.getPubTenantById(findByLoginName.getTenantId());
                // Tenant administrator whose tenant record is missing: status 4.
                // NOTE(review): the mobile number is returned here before the password check.
                if (pubTenantById == null && findByLoginName.getTypeId() == 1) {
                    jsonResponse.setStatus(4);
                    jsonResponse.setMessage("请先注册租户信息再登录");
                    jsonResponse.put("userTel", findByLoginName.getUserMobile());
                    this.userAuthSecurityLogUtils.onAuthFailed(findByLoginName, httpServletRequest, "请先注册租户信息再登录");
                    return jsonResponse;
                }
                String validateTenant = validateTenant(pubTenantById, findByLoginName, httpServletRequest);
                if (StringUtils.isNotBlank(validateTenant)) {
                    return jsonResponse.failedWithReturn(validateTenant);
                }
                PerformanceLoggerCollector.stop("querytenant");
                String validateRes = validateRes(pubTenantById, findByLoginName, parameter3, httpServletRequest);
                if (StringUtils.isNotBlank(validateRes)) {
                    return jsonResponse.failedWithReturn(validateRes);
                }
                // A non-admin user without a tenant record continues with an empty Tenant,
                // so the password policy below is looked up from that empty object.
                if (pubTenantById == null) {
                    pubTenantById = new Tenant();
                }
                PerformanceLoggerCollector.start("queryPasswordPolicy");
                Map<String, Object> userStatus = this.passwordUtil.getUserStatus(findByLoginName.getUserId());
                Set<Integer> set = (Set) userStatus.get("statusSet");
                Date date = (Date) userStatus.get("extime");
                PasswordLevel passwordLevel = this.passwordUtil.getPasswordLevel(pubTenantById.getPasswordPolicy());
                // Lock states are reported before the password is verified.
                if (this.passwordUtil.isLockByAdmin(set)) {
                    jsonResponse.failed(Constants.STATUSCODE108);
                    this.userAuthSecurityLogUtils.onAuthFailed(findByLoginName, httpServletRequest, jsonResponse.getMessage());
                    return jsonResponse;
                }
                if (this.passwordUtil.isLockBySelf(set) && !this.passwordUtil.getUserIsLockStatus(date, passwordLevel, findByLoginName.getUserId())) {
                    jsonResponse.failed(Constants.STATUSCODE109);
                    this.userAuthSecurityLogUtils.onAuthFailed(findByLoginName, httpServletRequest, jsonResponse.getMessage());
                    return jsonResponse;
                }
                // Password check. The decrypted value goes straight into encodePasswordByUserCode,
                // while modifyPassword in this class applies encodePasswordUsingSHA first.
                // NOTE(review): presumably the client submits the SHA digest here; confirm.
                // The comparison uses String.equals, which is not constant-time.
                if (!PasswordUtils.encodePasswordByUserCode(RSAUtils.decryptString(parameter2), findByLoginName.getSalt(), findByLoginName.getUserCode()).equals(findByLoginName.getUserPassword())) {
                    // Failed attempts are counted only when the policy enables locking.
                    if (this.passwordUtil.isLock(passwordLevel)) {
                        String str = "errorPasswordCount_" + findByLoginName.getUserId();
                        Integer num = (Integer) this.cacheManager.get(str);
                        if (num == null) {
                            // First failure: start the counter with a one-hour expiry.
                            this.cacheManager.putTimedCache(str, 1, DateTimeConstants.SECONDS_PER_HOUR);
                        } else {
                            if (this.passwordUtil.isExceedErrorPasswordCount(passwordLevel, num.intValue())) {
                                this.passwordUtil.lockUser(findByLoginName.getUserId());
                                this.cacheManager.removeCache(str);
                                this.userAuthSecurityLogUtils.onAuthFailed(findByLoginName, httpServletRequest, "密码输错次数超过" + (num.intValue() - 1) + "次，账户被锁定");
                                return jsonResponse.failedWithReturn("密码输错次数超过" + (num.intValue() - 1) + "次，账户被锁定");
                            }
                            // Increment while keeping the remaining expiry. The get and the put are
                            // separate cache calls, so concurrent failures can overwrite each other's count.
                            this.cacheManager.putTimedCache(str, Integer.valueOf(num.intValue() + 1), Long.valueOf(this.cacheManager.getTTL(str)).intValue());
                        }
                    }
                    jsonResponse.failed("用户名或密码错误");
                    this.userAuthSecurityLogUtils.onAuthFailed(findByLoginName, httpServletRequest, jsonResponse.getMessage());
                    return jsonResponse;
                }
                // From here on the password was correct. The status 2 and 3 branches below
                // are still recorded through onAuthFailed.
                if (this.passwordUtil.isUserInitOrResetExStatus(set)) {
                    jsonResponse.setStatus(2);
                    jsonResponse.setMessage(Constants.STATUSCODE110);
                    jsonResponse.put("tenant", pubTenantById.getTenantName());
                    jsonResponse.put("usertype", Integer.valueOf(findByLoginName.getTypeId()));
                    // Raw entity, not the getUserJsonConfig(false) serialisation used elsewhere in this class.
                    jsonResponse.put("user", findByLoginName);
                    this.userAuthSecurityLogUtils.onAuthFailed(findByLoginName, httpServletRequest, jsonResponse.getMessage());
                    return jsonResponse;
                }
                try {
                    // Password older than the policy allows: status 2, the user must change it.
                    if (this.passwordUtil.isUserPwdDisabled(findByLoginName.getPwdstarttime(), passwordLevel)) {
                        jsonResponse.setStatus(2);
                        jsonResponse.setMessage("密码已经超过有效期，请修改密码");
                        jsonResponse.put("tenant", pubTenantById.getTenantName());
                        jsonResponse.put("usertype", Integer.valueOf(findByLoginName.getTypeId()));
                        jsonResponse.put("user", findByLoginName);
                        this.userAuthSecurityLogUtils.onAuthFailed(findByLoginName, httpServletRequest, jsonResponse.getMessage());
                        return jsonResponse;
                    }
                    try {
                        // A non-blank tip from the password policy is returned as status 3.
                        String validateTip = this.passwordUtil.getValidateTip(findByLoginName.getPwdstarttime(), passwordLevel);
                        if (StringUtils.isNotBlank(validateTip)) {
                            jsonResponse.setStatus(3);
                            jsonResponse.setMessage(validateTip);
                            jsonResponse.put(ShiroHttpServletRequest.URL_SESSION_ID_SOURCE, "http://");
                            jsonResponse.put("tenant", pubTenantById.getTenantName());
                            jsonResponse.put("usertype", Integer.valueOf(findByLoginName.getTypeId()));
                            jsonResponse.put("user", findByLoginName);
                            this.userAuthSecurityLogUtils.onAuthFailed(findByLoginName, httpServletRequest, jsonResponse.getMessage());
                            return jsonResponse;
                        }
                        PerformanceLoggerCollector.stop("queryPasswordPolicy");
                        jsonResponse.success("认证成功");
                        this.userAuthSecurityLogUtils.onAuthSuccess(findByLoginName, httpServletRequest, jsonResponse.getMessage());
                        jsonResponse.put("tenant", pubTenantById.getTenantName());
                        jsonResponse.put("usertype", Integer.valueOf(findByLoginName.getTypeId()));
                        PerformanceLoggerCollector.start("fromObject");
                        jsonResponse.put("user", findByLoginName);
                        PerformanceLoggerCollector.stop("fromObject");
                        PerformanceLoggerCollector.stop("validateUser");
                    } catch (Exception e) {
                        this.logger.error(e.getMessage(), (Throwable) e);
                        jsonResponse.failed(Constants.STATUSCODE202);
                        this.userAuthSecurityLogUtils.onAuthFailed(findByLoginName, httpServletRequest, e.getMessage());
                        return jsonResponse;
                    }
                } catch (Exception e2) {
                    this.logger.error(e2.getMessage(), (Throwable) e2);
                    jsonResponse.failed(Constants.STATUSCODE202);
                    this.userAuthSecurityLogUtils.onAuthFailed(findByLoginName, httpServletRequest, e2.getMessage());
                    return jsonResponse;
                }
            }
            return jsonResponse;
        } catch (Exception e3) {
            // Catches every exception not handled above (lookup, tenant, cache, decryption),
            // yet always reports a duplicate-login-name data error. The submitted login name
            // is concatenated into the log message and the audit entry.
            this.logger.error("数据有错误：根据用户名查找用户，用户名：" + parameter, (Throwable) e3);
            jsonResponse.failed("该用户名匹配到多个用户");
            this.userAuthSecurityLogUtils.onAuthFailed(parameter, httpServletRequest, "数据有错误：根据用户名查找用户，用户名：" + parameter);
            return jsonResponse;
        }
    }

    /**
     * Rejects a login when the user's tenant exists but has not been activated.
     *
     * <p>A missing tenant passes this check; the caller handles that case separately.
     * The rejection is written to the authentication audit log.
     *
     * @param tenant             the user's tenant, possibly null
     * @param tenantUser         the user attempting to log in
     * @param httpServletRequest the login request, passed to the audit log
     * @return the rejection message when the tenant state is 0, otherwise null
     */
    public String validateTenant(Tenant tenant, TenantUser tenantUser, HttpServletRequest httpServletRequest) {
        final boolean awaitingActivation = tenant != null && tenant.getTenantStates() == 0;
        if (awaitingActivation) {
            this.userAuthSecurityLogUtils.onAuthFailed(tenantUser, httpServletRequest, "租户未激活");
            return "租户未激活，请通过邮箱的链接激活租户";
        }
        return null;
    }

    /**
     * Decides whether the user may log in to the application named by {@code str}.
     *
     * <p>A blank system id is rejected. The built-in ids {@code "tenantuser"} and
     * {@code "tenant"} are refused to ordinary users (type 3). A group code passes as
     * soon as one member resource passes; any other id is checked as a single resource.
     *
     * <p>NOTE(review): a group code that resolves to no resource codes leaves the
     * result empty, which this method treats as a pass; confirm that an empty group
     * cannot occur or should not grant access. For a group, each member that fails
     * before one passes still writes an authentication-failure audit entry.
     *
     * @param tenant             the user's tenant, possibly null
     * @param tenantUser         the user attempting to log in
     * @param str                the system id or group code from the request
     * @param httpServletRequest the login request, passed to the audit log
     * @return the rejection message, or null when access is allowed
     */
    public String validateRes(Tenant tenant, TenantUser tenantUser, String str, HttpServletRequest httpServletRequest) {
        if (StringUtils.isBlank(str)) {
            this.userAuthSecurityLogUtils.onAuthFailed(tenantUser, httpServletRequest, Constants.STATUSCODE105);
            return Constants.STATUSCODE105;
        }
        String rejection = new String();
        final boolean builtInSystem = str.equals("tenantuser") || str.equals("tenant");
        if (builtInSystem) {
            if (tenantUser.getTypeId() == 3) {
                rejection = Constants.STATUSCODE104;
                this.userAuthSecurityLogUtils.onAuthFailed(tenantUser, httpServletRequest, rejection);
            }
        } else if (!this.resGroupService.isGroupCode(str)) {
            rejection = validateSingleRes(tenant, tenantUser, str, httpServletRequest);
        } else {
            for (String memberCode : this.resGroupService.getResCodes(str)) {
                rejection = validateSingleRes(tenant, tenantUser, memberCode, httpServletRequest);
                // One accessible member of the group is enough.
                if (StringUtils.isBlank(rejection)) {
                    return null;
                }
            }
        }
        return StringUtils.isNotBlank(rejection) ? rejection : null;
    }

    /**
     * Checks whether the user may log in to one application (resource code).
     *
     * <p>Outcome by {@code isNeedTenant(str)}: 2 is rejected; 1 requires the tenant
     * to hold the application, the application to be initialised (only when the
     * {@code validate.checkTenantRes} property is true) and, for users other than the
     * tenant administrator (type 1), an unexpired subscription and an explicit
     * permission; any other value passes without further checks.
     *
     * <p>Review notes, all taken from the code below:
     * <ul>
     *   <li>The empty string returned at the end means "allowed"; the caller tests
     *       the result with {@code isBlank}. Every value of {@code isNeedTenant}
     *       other than 1 and 2 therefore allows the login.</li>
     *   <li>The {@code tenant == null} rejection is the only rejection here that
     *       writes no audit entry.</li>
     *   <li>Raw exception messages are passed to the audit log as the failure reason.</li>
     *   <li>A PerformanceLoggerCollector timer is left running when the call between
     *       its start and stop throws.</li>
     * </ul>
     *
     * @param tenant             the user's tenant, possibly null
     * @param tenantUser         the user attempting to log in
     * @param str                the resource code to check
     * @param httpServletRequest the login request, passed to the audit log
     * @return a rejection message, or an empty string when access is allowed
     */
    public String validateSingleRes(Tenant tenant, TenantUser tenantUser, String str, HttpServletRequest httpServletRequest) {
        String str2 = new String();
        int isNeedTenant = this.resTenantService.isNeedTenant(str);
        if (isNeedTenant == 2) {
            this.userAuthSecurityLogUtils.onAuthFailed(tenantUser, httpServletRequest, Constants.STATUSCODE105);
            return Constants.STATUSCODE105;
        }
        if (isNeedTenant == 1) {
            if (tenant == null) {
                // Rejected without an audit entry, unlike the other rejections in this method.
                return "该应用需要有相应权限才能登录";
            }
            try {
                PerformanceLoggerCollector.start("queryTenantRes");
                TenantRes findByTenantIdAndSystemCode2 = this.tenantResService.findByTenantIdAndSystemCode2(tenantUser.getTenantId(), str);
                PerformanceLoggerCollector.stop("queryTenantRes");
                // The tenant has no record for this application.
                if (findByTenantIdAndSystemCode2 == null) {
                    this.userAuthSecurityLogUtils.onAuthFailed(tenantUser, httpServletRequest, Constants.STATUSCODE105);
                    return Constants.STATUSCODE105;
                }
                // Initialisation state is enforced only when the property is set to true.
                if (Boolean.valueOf(PropertyUtil.getPropertyByKey("validate.checkTenantRes")).booleanValue()) {
                    if (0 == findByTenantIdAndSystemCode2.getStates()) {
                        this.userAuthSecurityLogUtils.onAuthFailed(tenantUser, httpServletRequest, "应用还未初始化，请先初始化应用");
                        return "应用还未初始化，请先初始化应用";
                    }
                    if (2 == findByTenantIdAndSystemCode2.getStates()) {
                        this.userAuthSecurityLogUtils.onAuthFailed(tenantUser, httpServletRequest, "应用初始化失败");
                        return "应用初始化失败";
                    }
                }
                // The tenant administrator (type 1) skips the expiry and permission checks.
                if (tenantUser.getTypeId() != 1) {
                    try {
                        // Subscription end date check; a date that cannot be parsed is reported as STATUSCODE203.
                        if (!DateUtils.after(findByTenantIdAndSystemCode2.getEndDate())) {
                            this.userAuthSecurityLogUtils.onAuthFailed(tenantUser, httpServletRequest, Constants.STATUSCODE106);
                            return Constants.STATUSCODE106;
                        }
                        try {
                            PerformanceLoggerCollector.start("queryPermission");
                            boolean havePermission = this.userPermissionService.havePermission(tenantUser.getUserId(), str);
                            PerformanceLoggerCollector.stop("queryPermission");
                            if (!havePermission) {
                                this.userAuthSecurityLogUtils.onAuthFailed(tenantUser, httpServletRequest, Constants.STATUSCODE107);
                                return Constants.STATUSCODE107;
                            }
                        } catch (Exception e) {
                            // A failing permission lookup rejects the login (fails closed).
                            this.logger.error(e.getMessage(), (Throwable) e);
                            this.userAuthSecurityLogUtils.onAuthFailed(tenantUser, httpServletRequest, e.getMessage());
                            return Constants.STATUSCODE202;
                        }
                    } catch (ParseException e2) {
                        this.logger.error(e2.getMessage(), (Throwable) e2);
                        this.userAuthSecurityLogUtils.onAuthFailed(tenantUser, httpServletRequest, e2.getMessage());
                        return Constants.STATUSCODE203;
                    }
                }
            } catch (Exception e3) {
                // Any other failure while checking the tenant's application record also rejects the login.
                this.logger.error(e3.getMessage(), (Throwable) e3);
                this.userAuthSecurityLogUtils.onAuthFailed(tenantUser, httpServletRequest, e3.getMessage());
                return Constants.STATUSCODE202;
            }
        }
        // Empty string: allowed.
        return str2;
    }

    /**
     * Removes the cache entry {@code "errorPasswordCount_" + str} from the cache manager.
     *
     * <p>The key name suggests this is a per-user counter of failed password attempts; the code
     * that increments it is not part of this method.
     *
     * @param str suffix appended to the {@code errorPasswordCount_} cache-key prefix
     */
    public void resetErrorPasswordCount(String str) {
        final String counterKey = "errorPasswordCount_" + str;
        this.cacheManager.removeCache(counterKey);
    }

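    /**
     * Changes a user's password after verifying the current one.
     *
     * <p>Reads {@code userName}, {@code userPassword} and {@code newPassword} from the request
     * (both passwords are passed through {@code RSAUtils.decryptString}), recomputes the stored
     * hash for the supplied current password, runs the tenant's password policy against the new
     * one, saves the user and then calls {@code passwordUtil.afterModifyPassword}.
     *
     * <p>Review notes:
     * <ul>
     *   <li>The account is selected by the {@code userName} request parameter and the only proof
     *       of identity checked here is the current password. No attempt counter is touched in
     *       this method; confirm that throttling or lockout is applied upstream, otherwise this
     *       endpoint is not covered by whatever limit the login path enforces.</li>
     *   <li>"User does not exist" and "old password wrong" are reported with different messages,
     *       which lets a caller tell valid login names from invalid ones. The messages are kept
     *       as they are because clients may display them; consider unifying them.</li>
     *   <li>The helper names suggest a salted SHA digest rather than a slow password-hashing
     *       function; confirm against {@code PasswordUtils}.</li>
     *   <li>The user is saved before {@code afterModifyPassword} runs, so a failure in that call
     *       returns an error although the new password is already stored.</li>
     * </ul>
     *
     * @param httpServletRequest request carrying {@code userName}, {@code userPassword} and
     *     {@code newPassword}
     * @return a response with tenant name, user type and user data on success; a failure message
     *     otherwise; status 5 with the optimistic-locking message when the save hits a concurrent
     *     modification
     */
    @RequestMapping(value = {"modifypassword"}, method = {RequestMethod.POST})
    public JsonResponse modifyPassword(HttpServletRequest httpServletRequest) {
        JsonResponse jsonResponse = new JsonResponse();
        String currentPassword = RSAUtils.decryptString(httpServletRequest.getParameter("userPassword"));
        String newPassword = RSAUtils.decryptString(httpServletRequest.getParameter("newPassword"));
        String loginName = httpServletRequest.getParameter("userName");
        // The original also read the "systemId" parameter here and discarded it; that dead read is gone.
        if (StringUtils.isBlank(loginName) || StringUtils.isBlank(currentPassword) || StringUtils.isBlank(newPassword)) {
            jsonResponse.failed("用户编码或者密码为空");
            return jsonResponse;
        }
        TenantUser user = this.userService.findByLoginName(loginName);
        if (user == null) {
            jsonResponse.failed("不存在这个用户");
            return jsonResponse;
        }
        Tenant tenant = this.tenantService.getPubTenantById(user.getTenantId());
        String currentHash = PasswordUtils.encodePasswordByUserCode(PasswordUtils.encodePasswordUsingSHA(currentPassword), user.getSalt(), user.getUserCode());
        if (!currentHash.equals(user.getUserPassword())) {
            jsonResponse.failed("原密码错误");
            return jsonResponse;
        }
        if (tenant == null) {
            // Without a tenant record there is no password policy to apply. Previously this path
            // ended in a NullPointerException; fail with the generic error code used elsewhere in
            // this method instead. Checked only after the current password has been verified so
            // that unauthenticated callers see no new response.
            this.logger.error("modifyPassword: no tenant record found for userId=" + user.getUserId());
            return jsonResponse.failedWithReturn(Constants.STATUSCODE202);
        }
        String newHash = PasswordUtils.encodePasswordByUserCode(PasswordUtils.encodePasswordUsingSHA(newPassword), user.getSalt(), user.getUserCode());
        String policyViolation = this.passwordUtil.checkNewpassword(user.getTenantId(), user.getUserId(), user.getUserCode(), newPassword, newHash, tenant.getPasswordPolicy());
        if (StringUtils.isNotBlank(policyViolation)) {
            return jsonResponse.failedWithReturn(policyViolation);
        }
        user.setUserPassword(newHash);
        user.setPwdstarttime(DateUtils.getCurrectTime());
        try {
            this.userService.saveUser(user);
        } catch (ObjectOptimisticLockingFailureException e) {
            this.logger.error(e.getMessage(), (Throwable) e);
            jsonResponse.setStatus(5);
            jsonResponse.setMessage(Constants.OPTIMISTICLOCKINGFAILUREMSM);
            return jsonResponse;
        }
        try {
            this.passwordUtil.afterModifyPassword(user.getUserId(), user.getUserPassword(), user.getTenantId(), tenant.getPasswordPolicy(), true);
            jsonResponse.put("tenant", tenant.getTenantName());
            jsonResponse.put("usertype", Integer.valueOf(user.getTypeId()));
            jsonResponse.put("user", JSONObject.fromObject(user, this.userService.getUserJsonConfig(false)));
            jsonResponse.success("修改成功");
        } catch (Exception e) {
            this.logger.error(e.getMessage(), (Throwable) e);
            return jsonResponse.failedWithReturn(Constants.STATUSCODE202);
        }
        return jsonResponse;
    }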

    /**
     * Resets an ordinary user's password to the tenant's default password on behalf of an
     * administrator.
     *
     * <p>Reads {@code userId}, {@code adminId} and {@code systemId} from the request, validates
     * both accounts with {@code validateUser}/{@code validateAdmin}, requires them to share a
     * tenant ID, stores the hash of {@code passwordUtil.getUserDefaultPassword(tenantId)}, then
     * calls {@code passwordUtil.afterResetPassword} and dispatches the after-reset event.
     *
     * <p>NOTE(review): the administrator is identified only by the {@code adminId} request
     * parameter in this method; confirm that an upstream filter or interceptor ties it to the
     * authenticated caller, otherwise the administrator check rests on a caller-supplied value.
     * <p>NOTE(review): unlike {@code enableUser}/{@code disableUser}, no security-log entry is
     * written here; confirm whether the dispatched event covers auditing of password resets.
     *
     * @param httpServletRequest request carrying {@code userId}, {@code adminId} and, optionally,
     *     {@code systemId}
     * @return success, a validation failure message, or status 5 with the optimistic-locking
     *     message when the save hits a concurrent modification
     */
    @RequestMapping(value = {"resetpassword"}, method = {RequestMethod.POST})
    public JsonResponse resetPassword(HttpServletRequest httpServletRequest) {
        JsonResponse jsonResponse = new JsonResponse();
        String targetUserId = httpServletRequest.getParameter("userId");
        String adminUserId = httpServletRequest.getParameter("adminId");
        if (StringUtils.isBlank(targetUserId) || StringUtils.isBlank(adminUserId)) {
            return jsonResponse.failedWithReturn("用户ID或管理员ID不能为空");
        }
        String systemId = httpServletRequest.getParameter("systemId");

        // The target must exist, belong to a tenant and be an ordinary user.
        TenantUser targetUser = this.userService.findByUserId(targetUserId);
        validateUser(targetUser, jsonResponse);
        if (jsonResponse.isfailed()) {
            return jsonResponse;
        }

        // The acting account must exist, belong to a tenant and be an administrator.
        TenantUser adminUser = this.userService.findByUserId(adminUserId);
        validateAdmin(adminUser, jsonResponse);
        if (jsonResponse.isfailed()) {
            return jsonResponse;
        }

        boolean sameTenant = adminUser.getTenantId().equals(targetUser.getTenantId());
        if (!sameTenant) {
            return jsonResponse.failedWithReturn("管理员只能重置租户下的用户");
        }

        String defaultPasswordHash = PasswordUtils.encodePasswordByUserCode(
                PasswordUtils.encodePasswordUsingSHA(this.passwordUtil.getUserDefaultPassword(targetUser.getTenantId())),
                targetUser.getSalt(),
                targetUser.getUserCode());
        targetUser.setUserPassword(defaultPasswordHash);
        targetUser.setPwdstarttime(DateUtils.getCurrectTime());
        try {
            this.userService.saveUser(targetUser);
            this.passwordUtil.afterResetPassword(targetUserId);
            this.eventUtil.dispatchAfterResetPassword(targetUser, systemId);
            jsonResponse.success();
        } catch (ObjectOptimisticLockingFailureException e) {
            this.logger.error(e.getMessage(), (Throwable) e);
            jsonResponse.setStatus(5);
            jsonResponse.setMessage(Constants.OPTIMISTICLOCKINGFAILUREMSM);
        }
        return jsonResponse;
    }

    /**
     * Marks {@code jsonResponse} as failed unless {@code tenantUser} is usable as the acting
     * administrator: it must be non-null, carry a non-blank tenant ID and have type ID 1.
     *
     * <p>Only the first failing condition is reported. Nothing is written to the response when
     * all checks pass, so callers test {@code jsonResponse.isfailed()} afterwards.
     *
     * @param tenantUser account looked up for the administrator; may be {@code null}
     * @param jsonResponse response that receives the failure message
     */
    private void validateAdmin(TenantUser tenantUser, JsonResponse jsonResponse) {
        if (tenantUser == null) {
            jsonResponse.failed("管理员不存在");
            return;
        }
        if (StringUtils.isBlank(tenantUser.getTenantId())) {
            jsonResponse.failed("管理员的租户ID为空");
            return;
        }
        if (tenantUser.getTypeId() != 1) {
            jsonResponse.failed("只有管理员才能进行重置用户的密码、启停用户等操作");
        }
    }

    /**
     * Marks {@code jsonResponse} as failed unless {@code tenantUser} is a valid target for an
     * administrator action: it must be non-null, carry a non-blank tenant ID and have type ID 3
     * (the failure message for other types says only ordinary users can be reset).
     *
     * <p>Only the first failing condition is reported. Nothing is written to the response when
     * all checks pass, so callers test {@code jsonResponse.isfailed()} afterwards.
     *
     * @param tenantUser account looked up for the target user; may be {@code null}
     * @param jsonResponse response that receives the failure message
     */
    private void validateUser(TenantUser tenantUser, JsonResponse jsonResponse) {
        if (tenantUser == null) {
            jsonResponse.failed("用户不存在");
            return;
        }
        if (StringUtils.isBlank(tenantUser.getTenantId())) {
            jsonResponse.failed("用户的租户ID为空");
            return;
        }
        if (tenantUser.getTypeId() != 3) {
            jsonResponse.failed("只能重置普通用户的密码");
        }
    }

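    /**
     * Detaches up to 100 users from their tenant.
     *
     * <p>Expects a JSON body with a {@code userIds} array and hands the IDs to
     * {@code transactionalService.removeFromTenant}.
     *
     * <p>The array is now read with {@code optJSONArray}, so a body without a {@code userIds}
     * array gets the "no data" failure response instead of an exception thrown before the
     * {@code try} block; the size limit is checked before the array is converted, and a conversion
     * error is logged and reported like any other failure.
     *
     * <p>NOTE(review): no caller identity or tenant-ownership check is visible in this method;
     * confirm that the service layer or a filter restricts which user IDs a caller may detach.
     *
     * @param jSONObject request body holding the {@code userIds} array
     * @return success, or a failure message when the input is missing, too large, or the removal
     *     fails
     */
    @RequestMapping(value = {"remove"}, method = {RequestMethod.POST})
    public JsonResponse removeFromTenant(@RequestBody JSONObject jSONObject) {
        JsonResponse jsonResponse = new JsonResponse();
        JSONArray userIds = jSONObject == null ? null : jSONObject.optJSONArray("userIds");
        if (userIds == null) {
            return jsonResponse.failedWithReturn("请传入要处理的数据");
        }
        if (userIds.size() > 100) {
            return jsonResponse.failedWithReturn("数组大小超过100");
        }
        try {
            String[] ids = (String[]) JSONArray.toArray(userIds, String.class);
            this.transactionalService.removeFromTenant(ids);
            jsonResponse.success("解除关联成功");
            return jsonResponse;
        } catch (Exception e) {
            this.logger.error(e.getMessage(), (Throwable) e);
            return jsonResponse.failedWithReturn("解除关联失败");
        }
    }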

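    /**
     * Lists which of the requested applications the given user may use.
     *
     * <p>{@code str2} is handled in three ways: the literals {@code "tenantuser"} and
     * {@code "tenant"} are granted only to users with type ID 1; a resource-group code is expanded
     * through {@code resGroupService.getResCodes} and each member is checked with
     * {@link #validateSingleRes}; anything else is checked as a single resource code.
     *
     * <p>An unknown login name now yields an empty {@code apps} list instead of a
     * {@code NullPointerException}; this is the same response a known user without any access
     * gets.
     *
     * <p>NOTE(review): the user is selected by a request parameter; confirm that callers are
     * authenticated and entitled to query other users' application access.
     *
     * @param str login name of the user to check
     * @param str2 resource code, resource-group code, or one of the two literals above
     * @return a success response whose {@code apps} entry lists the permitted codes
     */
    @RequestMapping(value = {"app"}, method = {RequestMethod.GET})
    public JsonResponse getAvailableApp(@RequestParam String str, @RequestParam String str2) {
        JsonResponse jsonResponse = new JsonResponse();
        ArrayList<String> apps = new ArrayList<String>();
        TenantUser user = this.userService.findByLoginName(str);
        if (user == null) {
            jsonResponse.successWithData("apps", apps);
            return jsonResponse;
        }
        Tenant tenant = this.tenantService.getPubTenantById(user.getTenantId());
        if ("tenantuser".equals(str2) || "tenant".equals(str2)) {
            if (user.getTypeId() == 1) {
                apps.add(str2);
            }
        } else if (this.resGroupService.isGroupCode(str2)) {
            for (String resCode : this.resGroupService.getResCodes(str2)) {
                // A blank validation result means the resource is permitted.
                if (StringUtils.isBlank(validateSingleRes(tenant, user, resCode))) {
                    apps.add(resCode);
                }
            }
        } else if (StringUtils.isBlank(validateSingleRes(tenant, user, str2))) {
            apps.add(str2);
        }
        jsonResponse.successWithData("apps", apps);
        return jsonResponse;
    }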

    /**
     * Checks whether {@code tenantUser} may use the resource identified by {@code str}.
     *
     * <p>The outcome depends on {@code resTenantService.isNeedTenant(str)}: 2 is rejected with
     * {@code Constants.STATUSCODE105}; 1 runs the tenant checks below; any other value passes
     * without further checks. The tenant checks are, in order: a tenant must be supplied, a
     * tenant-resource record must exist, its state must not be 0 or 2 when the
     * {@code validate.checkTenantRes} property is true, {@code DateUtils.after(endDate)} must
     * hold, and users whose type ID is not 1 must pass {@code userPermissionService.havePermission}.
     *
     * @param tenant tenant of the user, or {@code null} when there is none
     * @param tenantUser user whose access is checked
     * @param str resource code
     * @return an empty string when access is allowed, otherwise a status code or message
     *     describing the first failed check
     */
    public String validateSingleRes(Tenant tenant, TenantUser tenantUser, String str) {
        final int tenantRequirement = this.resTenantService.isNeedTenant(str);
        if (tenantRequirement == 2) {
            return Constants.STATUSCODE105;
        }
        if (tenantRequirement != 1) {
            return "";
        }
        if (tenant == null) {
            return "该应用需要有相应权限才能登录";
        }
        try {
            TenantRes tenantRes = this.tenantResService.findByTenantIdAndSystemCode2(tenantUser.getTenantId(), str);
            if (tenantRes == null) {
                return Constants.STATUSCODE105;
            }
            boolean checkInitState = Boolean.parseBoolean(PropertyUtil.getPropertyByKey("validate.checkTenantRes"));
            if (checkInitState) {
                if (tenantRes.getStates() == 0) {
                    return "应用还未初始化，请先初始化应用";
                }
                if (tenantRes.getStates() == 2) {
                    return "应用初始化失败";
                }
            }
            try {
                boolean withinValidity = DateUtils.after(tenantRes.getEndDate());
                if (!withinValidity) {
                    return Constants.STATUSCODE106;
                }
                boolean isAdmin = tenantUser.getTypeId() == 1;
                if (!isAdmin) {
                    // Type 1 skips the per-user permission lookup; everyone else needs a grant.
                    try {
                        boolean granted = this.userPermissionService.havePermission(tenantUser.getUserId(), str);
                        if (!granted) {
                            return Constants.STATUSCODE107;
                        }
                    } catch (Exception permissionError) {
                        this.logger.error(permissionError.getMessage(), (Throwable) permissionError);
                        return Constants.STATUSCODE202;
                    }
                }
            } catch (ParseException dateError) {
                this.logger.error(dateError.getMessage(), (Throwable) dateError);
                return Constants.STATUSCODE203;
            }
        } catch (Exception unexpected) {
            this.logger.error(unexpected.getMessage(), (Throwable) unexpected);
            return Constants.STATUSCODE202;
        }
        return "";
    }

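    /**
     * Deletes the WeiXin binding stored for a user code via
     * {@code weiXinService.deleteByUserCode}.
     *
     * <p>On failure the exception is logged and the client receives
     * {@code Constants.STATUSCODE202}, the code this controller returns for unexpected errors
     * elsewhere. The raw exception message is no longer echoed to the client, because it can
     * carry internal details such as SQL or class names.
     *
     * <p>NOTE(review): no check is visible here that the caller owns {@code userCode} or
     * administers that user; confirm that a filter or the service enforces it.
     *
     * @param str user code taken from the request path
     * @return success, or a generic failure response
     */
    @RequestMapping(value = {"weixin/{userCode}"}, method = {RequestMethod.DELETE})
    public JsonResponse deleteWeixinBinding(@PathVariable("userCode") String str) {
        JsonResponse jsonResponse = new JsonResponse();
        try {
            this.weiXinService.deleteByUserCode(str);
            jsonResponse.success();
        } catch (Exception e) {
            this.logger.error(e.getMessage(), (Throwable) e);
            jsonResponse.failed(Constants.STATUSCODE202);
        }
        return jsonResponse;
    }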

    /**
     * Enables an ordinary user account on behalf of a tenant administrator.
     *
     * <p>Reads {@code userId}, {@code adminId} and {@code systemId} from the request, validates
     * both accounts with {@code validateUser}/{@code validateAdmin}, requires them to share a
     * tenant ID, sets the user state to 1, saves the user, dispatches the after-enable event and
     * writes a security-log entry.
     *
     * <p>NOTE(review): the administrator is identified only by the {@code adminId} request
     * parameter in this method; confirm that an upstream filter or interceptor ties it to the
     * authenticated caller, otherwise the administrator check rests on a caller-supplied value.
     * <p>NOTE(review): the early validation failures return without a security-log entry; only a
     * failed save is logged.
     *
     * @param httpServletRequest request carrying {@code userId}, {@code adminId} and, optionally,
     *     {@code systemId}
     * @return success, a validation failure message, or status 5 with the optimistic-locking
     *     message when the save hits a concurrent modification
     */
    @RequestMapping(value = {"enable"}, method = {RequestMethod.POST})
    public JsonResponse enableUser(HttpServletRequest httpServletRequest) {
        JsonResponse jsonResponse = new JsonResponse();
        String targetUserId = httpServletRequest.getParameter("userId");
        String adminUserId = httpServletRequest.getParameter("adminId");
        if (StringUtils.isBlank(targetUserId) || StringUtils.isBlank(adminUserId)) {
            return jsonResponse.failedWithReturn("用户ID或管理员ID不能为空");
        }
        String systemId = httpServletRequest.getParameter("systemId");

        TenantUser targetUser = this.userService.findByUserId(targetUserId);
        validateUser(targetUser, jsonResponse);
        if (jsonResponse.isfailed()) {
            return jsonResponse;
        }

        TenantUser adminUser = this.userService.findByUserId(adminUserId);
        validateAdmin(adminUser, jsonResponse);
        if (jsonResponse.isfailed()) {
            return jsonResponse;
        }

        boolean sameTenant = adminUser.getTenantId().equals(targetUser.getTenantId());
        if (!sameTenant) {
            return jsonResponse.failedWithReturn("管理员只能启停租户下的用户");
        }

        targetUser.setUserStates(1);
        try {
            this.userService.saveUser(targetUser);
            this.eventUtil.dispatchAfterEnableUserEvent(targetUser, systemId);
            ArrayList enabledUsers = new ArrayList();
            enabledUsers.add(targetUser);
            this.userSecurityLogUtils.onEnableSuccess(httpServletRequest, enabledUsers);
            jsonResponse.success();
        } catch (ObjectOptimisticLockingFailureException e) {
            this.logger.error(e.getMessage(), (Throwable) e);
            jsonResponse.setStatus(5);
            jsonResponse.setMessage(Constants.OPTIMISTICLOCKINGFAILUREMSM);
            this.userSecurityLogUtils.onEnableFailed(httpServletRequest, e.getMessage());
        }
        return jsonResponse;
    }

    /**
     * Disables an ordinary user account on behalf of a tenant administrator.
     *
     * <p>Reads {@code userId}, {@code adminId} and {@code systemId} from the request, validates
     * both accounts with {@code validateUser}/{@code validateAdmin}, requires them to share a
     * tenant ID, sets the user state to 0, saves the user, dispatches the after-disable event and
     * writes a security-log entry.
     *
     * <p>NOTE(review): the mapping value {@code SVGConstants.SVG_DISABLE_VALUE} looks like a
     * decompiler substitution for a string literal (presumably {@code "disable"}); confirm
     * against the original source.
     * <p>NOTE(review): the administrator is identified only by the {@code adminId} request
     * parameter in this method; confirm that an upstream filter or interceptor ties it to the
     * authenticated caller, otherwise the administrator check rests on a caller-supplied value.
     *
     * @param httpServletRequest request carrying {@code userId}, {@code adminId} and, optionally,
     *     {@code systemId}
     * @return success, a validation failure message, or status 5 with the optimistic-locking
     *     message when the save hits a concurrent modification
     */
    @RequestMapping(value = {SVGConstants.SVG_DISABLE_VALUE}, method = {RequestMethod.POST})
    public JsonResponse disableUser(HttpServletRequest httpServletRequest) {
        JsonResponse jsonResponse = new JsonResponse();
        String targetUserId = httpServletRequest.getParameter("userId");
        String adminUserId = httpServletRequest.getParameter("adminId");
        if (StringUtils.isBlank(targetUserId) || StringUtils.isBlank(adminUserId)) {
            return jsonResponse.failedWithReturn("用户ID或管理员ID不能为空");
        }
        String systemId = httpServletRequest.getParameter("systemId");

        TenantUser targetUser = this.userService.findByUserId(targetUserId);
        validateUser(targetUser, jsonResponse);
        if (jsonResponse.isfailed()) {
            return jsonResponse;
        }

        TenantUser adminUser = this.userService.findByUserId(adminUserId);
        validateAdmin(adminUser, jsonResponse);
        if (jsonResponse.isfailed()) {
            return jsonResponse;
        }

        boolean sameTenant = adminUser.getTenantId().equals(targetUser.getTenantId());
        if (!sameTenant) {
            return jsonResponse.failedWithReturn("管理员只能启停租户下的用户");
        }

        targetUser.setUserStates(0);
        try {
            this.userService.saveUser(targetUser);
            this.eventUtil.dispatchAfterDisableUserEvent(targetUser, systemId);
            ArrayList disabledUsers = new ArrayList();
            disabledUsers.add(targetUser);
            this.userSecurityLogUtils.onDisableSuccess(httpServletRequest, disabledUsers);
            jsonResponse.success();
        } catch (ObjectOptimisticLockingFailureException e) {
            this.logger.error(e.getMessage(), (Throwable) e);
            jsonResponse.setStatus(5);
            jsonResponse.setMessage(Constants.OPTIMISTICLOCKINGFAILUREMSM);
            // NOTE(review): a failed disable is recorded through the *enable*-failure hook, so the
            // audit trail would attribute it to the wrong operation. If UserSecurityLogUtils has a
            // disable-specific failure method, it should be called here instead — verify.
            this.userSecurityLogUtils.onEnableFailed(httpServletRequest, e.getMessage());
        }
        return jsonResponse;
    }

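    /**
     * Rewrites the user's avatar path into a host-qualified URL, in place.
     *
     * <p>A leading {@code /tenantuser/} is stripped and the configured host name is prepended.
     * Only the leading prefix is removed: the previous {@code replaceAll} call deleted every
     * occurrence of {@code /tenantuser/} in the value (and treated it as a regular expression),
     * which would corrupt a path that contains the segment again further on.
     *
     * <p>NOTE(review): the host is prepended unconditionally, so calling this twice on the same
     * object, or on an avatar value that is already an absolute URL, yields a malformed URL;
     * confirm that callers pass freshly loaded entities only.
     *
     * @param tenantUser user to adjust; may be {@code null}
     * @return the same instance that was passed in ({@code null} for {@code null})
     */
    private TenantUser dealUserAvator(TenantUser tenantUser) {
        if (tenantUser == null) {
            return null;
        }
        String avatarPath = tenantUser.getUserAvator();
        if (StringUtils.isBlank(avatarPath)) {
            return tenantUser;
        }
        final String contextPrefix = "/tenantuser/";
        if (avatarPath.startsWith(contextPrefix)) {
            avatarPath = avatarPath.substring(contextPrefix.length());
        }
        tenantUser.setUserAvator(getHostUrl() + avatarPath);
        return tenantUser;
    }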

    /**
     * Returns the value of the {@code hostname} configuration property.
     *
     * @return whatever {@code PropertyUtil.getPropertyByKey("hostname")} yields
     */
    private String getHostUrl() {
        final String configuredHost = PropertyUtil.getPropertyByKey("hostname");
        return configuredHost;
    }

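    /**
     * Stores uploaded avatar files through {@code FastdfsClient} and reports a download path.
     *
     * <p>Each file part of a multipart request is uploaded in turn; a part larger than 1,000,000
     * bytes aborts the request with {@code fileName = "-1"}. When several parts are sent, the
     * response reflects the last one processed. A request that is not multipart, or has no file
     * parts, returns the untouched default response.
     *
     * <p>Failure responses now carry only the fixed message; the exception text is written to the
     * log but no longer appended to the client-visible message, since it can expose storage
     * hosts, paths or class names.
     *
     * <p>NOTE(review): the file content is stored as received — no content-type, extension or
     * image-format check is visible here. Confirm that the download endpoint serves these objects
     * with a safe content type, or validate that the bytes are an image before storing them.
     * <p>NOTE(review): no caller authentication is visible in this method; confirm that a filter
     * restricts who may upload.
     *
     * @param httpServletRequest the (multipart) upload request
     * @return a response whose {@code fileName} entry holds the download path on success
     */
    @RequestMapping(value = {"uploadavator"}, method = {RequestMethod.POST})
    @ResponseBody
    public JsonResponse uploadAvator(HttpServletRequest httpServletRequest) {
        JsonResponse jsonResponse = new JsonResponse();
        if (!new CommonsMultipartResolver().isMultipart(httpServletRequest)) {
            return jsonResponse;
        }
        MultipartHttpServletRequest multipartRequest = (MultipartHttpServletRequest) httpServletRequest;
        Iterator<String> fileNames = multipartRequest.getFileNames();
        while (fileNames.hasNext()) {
            MultipartFile file = multipartRequest.getFile(fileNames.next());
            if (file == null) {
                continue;
            }
            if (file.getSize() > 1000000) {
                jsonResponse.failed("图片大于 1M");
                jsonResponse.put("fileName", "-1");
                return jsonResponse;
            }
            try {
                String storedId = FastdfsClient.getInstance().upload(file.getBytes());
                jsonResponse.success("上传成功");
                jsonResponse.put("fileName", "/tenantuser/file/fdfsimg/down?id=" + storedId);
            } catch (IOException e) {
                this.logger.error("上传文件错误", (Throwable) e);
                jsonResponse.failed("上传文件错误");
            } catch (IllegalStateException e2) {
                this.logger.error("上传文件错误", (Throwable) e2);
                jsonResponse.failed("上传文件错误");
            } catch (Exception e3) {
                this.logger.error("上传文件到fdfs错误", (Throwable) e3);
                jsonResponse.failed("上传文件到fdfs错误");
            }
        }
        return jsonResponse;
    }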
}
