package com.atlassian.stash.internal.user;

import com.atlassian.bitbucket.ForbiddenException;
import com.atlassian.bitbucket.IntegrityException;
import com.atlassian.bitbucket.NoSuchEntityException;
import com.atlassian.bitbucket.Product;
import com.atlassian.bitbucket.event.user.GroupCleanupEvent;
import com.atlassian.bitbucket.event.user.UserCleanupEvent;
import com.atlassian.bitbucket.i18n.I18nService;
import com.atlassian.bitbucket.license.LicenseLimitException;
import com.atlassian.bitbucket.license.LicenseService;
import com.atlassian.bitbucket.mail.MailException;
import com.atlassian.bitbucket.permission.PermissionAdminService;
import com.atlassian.bitbucket.user.ApplicationUser;
import com.atlassian.bitbucket.user.DetailedGroup;
import com.atlassian.bitbucket.user.DetailedUser;
import com.atlassian.bitbucket.user.InvalidPasswordResetTokenException;
import com.atlassian.bitbucket.user.NoSuchGroupException;
import com.atlassian.bitbucket.user.NoSuchUserException;
import com.atlassian.bitbucket.user.ServiceUser;
import com.atlassian.bitbucket.user.ServiceUserCreateRequest;
import com.atlassian.bitbucket.user.ServiceUserUpdateRequest;
import com.atlassian.bitbucket.user.UserAdminService;
import com.atlassian.bitbucket.user.UserType;
import com.atlassian.bitbucket.util.Page;
import com.atlassian.bitbucket.util.PageRequest;
import com.atlassian.bitbucket.util.PageUtils;
import com.atlassian.crowd.embedded.api.Directory;
import com.atlassian.crowd.embedded.api.Group;
import com.atlassian.crowd.embedded.api.OperationType;
import com.atlassian.crowd.embedded.api.User;
import com.atlassian.crowd.embedded.api.UserWithAttributes;
import com.atlassian.crowd.embedded.impl.ImmutableGroup;
import com.atlassian.crowd.embedded.impl.ImmutableUser;
import com.atlassian.crowd.event.group.GroupDeletedEvent;
import com.atlassian.crowd.event.user.UserDeletedEvent;
import com.atlassian.event.api.EventListener;
import com.atlassian.event.api.EventPublisher;
import com.atlassian.plugin.spring.AvailableToPlugins;
import com.atlassian.scheduler.JobRunner;
import com.atlassian.scheduler.JobRunnerRequest;
import com.atlassian.scheduler.JobRunnerResponse;
import com.atlassian.scheduler.SchedulerService;
import com.atlassian.scheduler.SchedulerServiceException;
import com.atlassian.scheduler.config.JobConfig;
import com.atlassian.scheduler.config.JobId;
import com.atlassian.scheduler.config.JobRunnerKey;
import com.atlassian.scheduler.config.RunMode;
import com.atlassian.scheduler.config.Schedule;
import com.atlassian.security.random.SecureTokenGenerator;
import com.atlassian.stash.internal.AbstractService;
import com.atlassian.stash.internal.annotation.Unsecured;
import com.atlassian.stash.internal.crowd.CrowdControl;
import com.atlassian.stash.internal.group.DeletedGroupDao;
import com.atlassian.stash.internal.group.InternalDeletedGroup;
import com.atlassian.stash.internal.scheduling.ScheduledJobSource;
import com.atlassian.stash.internal.spring.SpringTransactionUtils;
import com.atlassian.stash.internal.user.InternalDetailedGroup;
import com.atlassian.stash.internal.user.InternalDetailedUser;
import com.atlassian.stash.internal.user.InternalServiceUser;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import com.google.common.base.Predicates;
import com.google.common.collect.Iterables;
import java.util.Date;
import java.util.Iterator;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import java.util.function.Function;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.apache.commons.lang3.StringUtils;
import org.joda.time.Duration;
import org.joda.time.Instant;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Service;
import org.springframework.transaction.PlatformTransactionManager;
import org.springframework.transaction.TransactionStatus;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.transaction.support.TransactionCallback;
import org.springframework.transaction.support.TransactionCallbackWithoutResult;
import org.springframework.transaction.support.TransactionTemplate;

@AvailableToPlugins(UserAdminService.class)
@Service("userAdminService")
/* loaded from: input_file:com/atlassian/stash/internal/user/DefaultUserAdminService.class */
public class DefaultUserAdminService extends AbstractService implements UserAdminService, ScheduledJobSource {
    private static final Logger log = LoggerFactory.getLogger(DefaultUserAdminService.class);
    private static final JobId GROUP_CLEANUP_JOB_ID = JobId.of(GroupCleanUpJob.class.getSimpleName());
    private static final JobRunnerKey GROUP_CLEANUP_JOB_RUNNER_KEY = JobRunnerKey.of(GroupCleanUpJob.class.getName());
    private static final JobId USER_CLEANUP_JOB_ID = JobId.of(UserCleanupJob.class.getSimpleName());
    private static final JobRunnerKey USER_CLEANUP_JOB_RUNNER_KEY = JobRunnerKey.of(UserCleanupJob.class.getName());
    private final CrowdControl crowdControl;
    private final EmailNotifier emailNotifier;
    private final EventPublisher eventPublisher;
    private final I18nService i18nService;
    private final LicenseService licenseService;
    private final PasswordResetHelper passwordResetHelper;
    private final PermissionAdminService permissionAdminService;
    private final StashUserDao userDao;
    private final UserHelper userHelper;
    private final DeletedGroupDao deletedGroupDao;
    private final CaptchaService captchaService;
    private final TransactionTemplate requiresNewTransactionTemplate;
    private final SecureTokenGenerator secureTokenGenerator;
    private int maxUserPageSize;
    private int userCleanupJobBatchSize;
    private long userCleanupJobDelay;
    private long userCleanupJobInterval;
    private int groupCleanupJobBatchSize;
    private long groupCleanupJobDelay;
    private long groupCleanupJobInterval;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/atlassian/stash/internal/user/DefaultUserAdminService$DetailedGroupTransform.class */
    public static class DetailedGroupTransform implements Function<String, DetailedGroup> {
        private final InternalDetailedGroup.Builder builder;

        private DetailedGroupTransform(boolean z) {
            this.builder = new InternalDetailedGroup.Builder().deletable(z);
        }

        @Override // java.util.function.Function
        public DetailedGroup apply(String str) {
            return this.builder.name(str).build();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/atlassian/stash/internal/user/DefaultUserAdminService$DetailedUserTransform.class */
    public class DetailedUserTransform implements Function<InternalApplicationUser, DetailedUser> {
        private DetailedUserTransform() {
        }

        @Override // java.util.function.Function
        public DetailedUser apply(InternalApplicationUser internalApplicationUser) {
            return DefaultUserAdminService.this.transformUser(internalApplicationUser);
        }
    }

    /* loaded from: input_file:com/atlassian/stash/internal/user/DefaultUserAdminService$GroupCleanUpJob.class */
    private class GroupCleanUpJob implements JobRunner {
        private GroupCleanUpJob() {
        }

        @Nullable
        public JobRunnerResponse runJob(@Nonnull JobRunnerRequest jobRunnerRequest) {
            DefaultUserAdminService.this.cleanupDeletedGroups();
            return JobRunnerResponse.success();
        }
    }

    /* loaded from: input_file:com/atlassian/stash/internal/user/DefaultUserAdminService$UserCleanupJob.class */
    private class UserCleanupJob implements JobRunner {
        private UserCleanupJob() {
        }

        public JobRunnerResponse runJob(@Nonnull JobRunnerRequest jobRunnerRequest) {
            DefaultUserAdminService.this.cleanupDeletedUsers();
            return JobRunnerResponse.success();
        }
    }

    @Autowired
    public DefaultUserAdminService(CrowdControl crowdControl, PermissionAdminService permissionAdminService, PasswordResetHelper passwordResetHelper, EmailNotifier emailNotifier, LicenseService licenseService, I18nService i18nService, UserHelper userHelper, EventPublisher eventPublisher, StashUserDao stashUserDao, DeletedGroupDao deletedGroupDao, CaptchaService captchaService, PlatformTransactionManager platformTransactionManager, SecureTokenGenerator secureTokenGenerator) {
        this.captchaService = captchaService;
        this.crowdControl = crowdControl;
        this.deletedGroupDao = deletedGroupDao;
        this.emailNotifier = emailNotifier;
        this.eventPublisher = eventPublisher;
        this.i18nService = i18nService;
        this.licenseService = licenseService;
        this.permissionAdminService = permissionAdminService;
        this.passwordResetHelper = passwordResetHelper;
        this.secureTokenGenerator = secureTokenGenerator;
        this.userHelper = userHelper;
        this.userDao = stashUserDao;
        this.requiresNewTransactionTemplate = new TransactionTemplate(platformTransactionManager, SpringTransactionUtils.REQUIRES_NEW);
    }

    @Value("${page.max.users}")
    public void setMaxUserPageSize(int i) {
        this.maxUserPageSize = i;
    }

    @Value("${group.cleanup.job.batch.size}")
    public void setGroupCleanupJobBatchSize(int i) {
        this.groupCleanupJobBatchSize = i;
    }

    @Value("${group.cleanup.job.delay}")
    public void setGroupCleanupJobDelay(long j) {
        this.groupCleanupJobDelay = j;
    }

    @Value("${group.cleanup.job.interval}")
    public void setGroupCleanupJobInterval(long j) {
        this.groupCleanupJobInterval = j;
    }

    @Value("${user.cleanup.job.batch.size}")
    public void setUserCleanupJobBatchSize(int i) {
        this.userCleanupJobBatchSize = i;
    }

    @Value("${user.cleanup.job.delay}")
    public void setUserCleanupJobDelay(long j) {
        this.userCleanupJobDelay = j;
    }

    @Value("${user.cleanup.job.interval}")
    public void setUserCleanupJobInterval(long j) {
        this.userCleanupJobInterval = j;
    }

    @Transactional
    @PreAuthorize("hasGlobalPermission('ADMIN')")
    public void addUserToGroups(@Nonnull String str, @Nonnull Set<String> set) throws ForbiddenException, LicenseLimitException, NoSuchGroupException, NoSuchUserException {
        Preconditions.checkNotNull(str, "username");
        Preconditions.checkNotNull(set, "groupNames");
        Preconditions.checkArgument(Iterables.all(set, Predicates.notNull()), "groupNames contains a null group name");
        Iterator<String> it = set.iterator();
        while (it.hasNext()) {
            doAddUserToGroup(str, it.next());
        }
    }

    @Transactional
    @PreAuthorize("hasGlobalPermission('ADMIN')")
    public void addMembersToGroup(@Nonnull String str, @Nonnull Set<String> set) throws ForbiddenException, LicenseLimitException, NoSuchGroupException, NoSuchUserException {
        Preconditions.checkNotNull(str, "groupName");
        Preconditions.checkNotNull(set, "usernames");
        Preconditions.checkArgument(Iterables.all(set, Predicates.notNull()), "usernames contains a null username");
        Iterator<String> it = set.iterator();
        while (it.hasNext()) {
            doAddUserToGroup(it.next(), str);
        }
    }

    @PreAuthorize("hasGlobalPermission('ADMIN')")
    public boolean canCreateGroups() {
        return isAllowedInAnyDirectory(OperationType.CREATE_GROUP);
    }

    @PreAuthorize("hasGlobalPermission('ADMIN')")
    public boolean canUpdateGroups() {
        return isAllowedInAnyDirectory(OperationType.UPDATE_GROUP);
    }

    @PreAuthorize("hasGlobalPermission('ADMIN')")
    public boolean canCreateUsers() {
        return isAllowedInAnyDirectory(OperationType.CREATE_USER);
    }

    @PreAuthorize("hasGlobalPermission('ADMIN')")
    public boolean canDeleteGroups() {
        return isAllowedInAnyDirectory(OperationType.DELETE_GROUP);
    }

    @PreAuthorize("hasGlobalPermission('ADMIN')")
    public boolean newUserCanResetPassword() {
        return this.crowdControl.getCapabilitiesForNewUsers().canResetPassword();
    }

    @Transactional
    @PreAuthorize("hasGlobalPermission('SYS_ADMIN') or (hasGlobalPermission('ADMIN') and not hasGlobalPermission(#username, 'SYS_ADMIN'))")
    public void clearCaptchaChallenge(@Nonnull String str) {
        this.captchaService.clearCaptchaChallenge(str);
    }

    @Nonnull
    @Transactional
    @PreAuthorize("hasGlobalPermission('ADMIN')")
    /* renamed from: createGroup, reason: merged with bridge method [inline-methods] */
    public InternalDetailedGroup m269createGroup(@Nonnull String str) {
        Preconditions.checkNotNull(str, "groupName");
        this.crowdControl.createGroup(new ImmutableGroup(str));
        return new InternalDetailedGroup.Builder().deletable(canDeleteGroups()).name(str).build();
    }

    @Nonnull
    @Transactional
    @Unsecured("This should only ever be called by plugins")
    public ServiceUser createServiceUser(@Nonnull ServiceUserCreateRequest serviceUserCreateRequest) throws IntegrityException {
        Preconditions.checkNotNull(serviceUserCreateRequest, "userRequest");
        if (serviceUserCreateRequest.getName() == null || this.userDao.findServiceUserByName(serviceUserCreateRequest.getName(), true) == null) {
            return this.userDao.create(new InternalServiceUser.Builder().active(serviceUserCreateRequest.isActive()).displayName(serviceUserCreateRequest.getDisplayName()).emailAddress(serviceUserCreateRequest.getEmailAddress()).label(serviceUserCreateRequest.getLabel()).name(StringUtils.isNotBlank(serviceUserCreateRequest.getName()) ? serviceUserCreateRequest.getName() : generateUsername()).build());
        }
        throw new IntegrityException(this.i18nService.createKeyedMessage("bitbucket.service.user.alreadyexists", new Object[]{serviceUserCreateRequest.getName()}));
    }

    @Transactional
    @PreAuthorize("hasGlobalPermission('ADMIN')")
    public void createUser(@Nonnull String str, @Nonnull String str2, @Nonnull String str3, @Nonnull String str4) {
        createUser(str, str2, str3, str4, true);
    }

    @Transactional
    @PreAuthorize("hasGlobalPermission('ADMIN')")
    public void createUser(@Nonnull String str, @Nonnull String str2, @Nonnull String str3, @Nonnull String str4, boolean z) {
        Preconditions.checkArgument(!((String) Preconditions.checkNotNull(str3, "displayName")).trim().isEmpty(), "A non-blank display name is required");
        Preconditions.checkArgument(!((String) Preconditions.checkNotNull(str4, "emailAddress")).trim().isEmpty(), "A non-blank e-mail address is required");
        Preconditions.checkArgument(!((String) Preconditions.checkNotNull(str2, "password")).trim().isEmpty(), "A non-blank password is required");
        Preconditions.checkNotNull(str, "username");
        createUser(ImmutableUser.newUser().displayName(str3).emailAddress(str4).name(str).toUser(), str2, z);
    }

    @Transactional
    @PreAuthorize("hasGlobalPermission('ADMIN')")
    public void createUserWithGeneratedPassword(@Nonnull String str, @Nonnull String str2, @Nonnull String str3) {
        Preconditions.checkArgument(!((String) Preconditions.checkNotNull(str2, "displayName")).trim().isEmpty(), "A non-blank display name is required");
        Preconditions.checkArgument(!((String) Preconditions.checkNotNull(str3, "emailAddress")).trim().isEmpty(), "A non-blank e-mail address is required");
        Preconditions.checkNotNull(str, "username");
        this.emailNotifier.validateCanSendEmails();
        User user = ImmutableUser.newUser().displayName(str2).emailAddress(str3).name(str).toUser();
        createUser(user, this.passwordResetHelper.generatePassword(), true);
        if (!this.crowdControl.canResetPassword(str)) {
            throw new IntegrityException(this.i18nService.createKeyedMessage("bitbucket.service.cant.send.email.passwordReset", new Object[]{Product.NAME}));
        }
        this.emailNotifier.sendCreatedUser(user, this.passwordResetHelper.addResetPasswordToken(user));
    }

    @Nonnull
    @Transactional
    @PreAuthorize("hasGlobalPermission('ADMIN')")
    /* renamed from: deleteGroup, reason: merged with bridge method [inline-methods] */
    public InternalDetailedGroup m268deleteGroup(@Nonnull String str) {
        Preconditions.checkNotNull(str, "groupName");
        this.permissionAdminService.canDeleteGroup(str);
        this.crowdControl.deleteGroup(this.crowdControl.getGroup(str));
        return new InternalDetailedGroup.Builder().deletable(false).name(str).build();
    }

    @Nonnull
    @Transactional
    @PreAuthorize("hasGlobalPermission('ADMIN')")
    /* renamed from: deleteUser, reason: merged with bridge method [inline-methods] */
    public InternalDetailedUser m267deleteUser(@Nonnull String str) {
        Preconditions.checkNotNull(str, "username");
        this.permissionAdminService.canDeleteUser(str);
        User user = this.crowdControl.getUser(str);
        this.crowdControl.deleteUser(user);
        return new InternalDetailedUser.Builder(this.userHelper.transformOrCreate(user)).build();
    }

    @Nonnull
    @PreAuthorize("hasGlobalPermission('LICENSED_USER')")
    public Page<DetailedGroup> findGroups(@Nonnull PageRequest pageRequest) {
        return transformGroups(this.crowdControl.findGroups(pageRequest));
    }

    @Nonnull
    @PreAuthorize("hasGlobalPermission('LICENSED_USER')")
    public Page<DetailedGroup> findGroupsByName(String str, @Nonnull PageRequest pageRequest) {
        return transformGroups(this.crowdControl.findGroupsByName(str, pageRequest));
    }

    @Nonnull
    @PreAuthorize("hasGlobalPermission('LICENSED_USER')")
    public Page<DetailedGroup> findGroupsWithUser(@Nonnull String str, String str2, @Nonnull PageRequest pageRequest) {
        return transformGroups(this.crowdControl.findGroupsByUser(str, str2, false, pageRequest));
    }

    @Nonnull
    @PreAuthorize("hasGlobalPermission('LICENSED_USER')")
    public Page<DetailedGroup> findGroupsWithoutUser(@Nonnull String str, String str2, @Nonnull PageRequest pageRequest) {
        return transformGroups(this.crowdControl.findGroupsByUser(str, str2, true, pageRequest));
    }

    @Unsecured("Password reset runs in a non-authenticated context and requires no permissions")
    /* renamed from: findUserByPasswordResetToken, reason: merged with bridge method [inline-methods] */
    public InternalDetailedUser m266findUserByPasswordResetToken(@Nonnull String str) {
        User findUserByResetToken = this.passwordResetHelper.findUserByResetToken(str);
        if (findUserByResetToken == null) {
            return null;
        }
        return transformOrCreateUser(findUserByResetToken);
    }

    @Nonnull
    @Transactional
    @PreAuthorize("hasGlobalPermission('LICENSED_USER')")
    public Page<DetailedUser> findUsers(@Nonnull PageRequest pageRequest) {
        return transformOrCreateUsers(this.crowdControl.findUsers(pageRequest.buildRestrictedPageRequest(this.maxUserPageSize)));
    }

    @Nonnull
    @Transactional
    @PreAuthorize("hasGlobalPermission('LICENSED_USER')")
    public Page<DetailedUser> findUsersByName(String str, @Nonnull PageRequest pageRequest) {
        return transformOrCreateUsers(this.crowdControl.findUsersByName(str, pageRequest.buildRestrictedPageRequest(this.maxUserPageSize)));
    }

    @Nonnull
    @Transactional
    @PreAuthorize("hasGlobalPermission('LICENSED_USER')")
    public Page<DetailedUser> findUsersWithGroup(@Nonnull String str, String str2, @Nonnull PageRequest pageRequest) {
        return transformOrCreateUsers(this.crowdControl.findUsersByGroup(str, str2, false, pageRequest.buildRestrictedPageRequest(this.maxUserPageSize)));
    }

    @Nonnull
    @Transactional
    @PreAuthorize("hasGlobalPermission('LICENSED_USER')")
    public Page<DetailedUser> findUsersWithoutGroup(@Nonnull String str, String str2, @Nonnull PageRequest pageRequest) {
        return transformOrCreateUsers(this.crowdControl.findUsersByGroup(str, str2, true, pageRequest.buildRestrictedPageRequest(this.maxUserPageSize)));
    }

    @Transactional
    @PreAuthorize("hasGlobalPermission('ADMIN') or isCurrentUser(#username)")
    /* renamed from: getUserDetails, reason: merged with bridge method [inline-methods] */
    public InternalDetailedUser m265getUserDetails(@Nonnull String str) {
        User findUser = this.crowdControl.findUser(str, true);
        if (findUser == null) {
            return null;
        }
        return transformOrCreateUser(findUser);
    }

    @Nonnull
    @Transactional
    @PreAuthorize("hasGlobalPermission('ADMIN') or isCurrentUser(#user)")
    /* renamed from: getUserDetails, reason: merged with bridge method [inline-methods] */
    public InternalDetailedUser m264getUserDetails(@Nonnull ApplicationUser applicationUser) {
        if (applicationUser instanceof InternalApplicationUser) {
            return transformUser((InternalApplicationUser) applicationUser);
        }
        InternalDetailedUser m265getUserDetails = m265getUserDetails(((ApplicationUser) Preconditions.checkNotNull(applicationUser, "user")).getName());
        if (m265getUserDetails == null) {
            throw new NoSuchUserException(this.i18nService.createKeyedMessage("bitbucket.service.user.nosuchuser", new Object[]{applicationUser.getName()}), applicationUser.getName());
        }
        return m265getUserDetails;
    }

    @EventListener
    public void onGroupDeleted(GroupDeletedEvent groupDeletedEvent) {
        final String groupName = groupDeletedEvent.getGroupName();
        if (this.crowdControl.findGroup(groupDeletedEvent.getGroupName()) == null) {
            this.requiresNewTransactionTemplate.execute(new TransactionCallbackWithoutResult() { // from class: com.atlassian.stash.internal.user.DefaultUserAdminService.1
                protected void doInTransactionWithoutResult(TransactionStatus transactionStatus) {
                    InternalDeletedGroup findByName = DefaultUserAdminService.this.deletedGroupDao.findByName(groupName);
                    if (findByName == null) {
                        DefaultUserAdminService.this.deletedGroupDao.create(new InternalDeletedGroup.Builder().name(groupName).deletedDate(Instant.now().toDate()).build());
                    } else {
                        DefaultUserAdminService.this.deletedGroupDao.update(new InternalDeletedGroup.Builder(findByName).deletedDate(Instant.now().toDate()).build());
                    }
                }
            });
        }
    }

    @EventListener
    public void onUserDeleted(UserDeletedEvent userDeletedEvent) {
        final String username = userDeletedEvent.getUsername();
        this.requiresNewTransactionTemplate.execute(new TransactionCallbackWithoutResult() { // from class: com.atlassian.stash.internal.user.DefaultUserAdminService.2
            protected void doInTransactionWithoutResult(TransactionStatus transactionStatus) {
                if (DefaultUserAdminService.this.crowdControl.findUser(username, true) != null) {
                    return;
                }
                InternalNormalUser findByName = DefaultUserAdminService.this.userDao.findByName(username);
                if (findByName != null) {
                    DefaultUserAdminService.this.userDao.update(findByName.copy().deletedDate(new Date()).build());
                } else {
                    DefaultUserAdminService.log.debug("Crowd dispatched a {} for a user ({}) with no corresponding {} and was ignored.", new Object[]{UserDeletedEvent.class.getSimpleName(), ApplicationUser.class.getSimpleName(), username});
                }
            }
        });
    }

    @Transactional
    @PreAuthorize("hasGlobalPermission('ADMIN')")
    public void removeUserFromGroup(@Nonnull String str, @Nonnull String str2) {
        Preconditions.checkNotNull(str, "groupName");
        Preconditions.checkNotNull(str2, "username");
        this.permissionAdminService.canRemoveUserFromGroup(str2, str);
        Group group = this.crowdControl.getGroup(str);
        User user = this.crowdControl.getUser(str2);
        if (this.crowdControl.removeGroupMember(group, user)) {
            return;
        }
        Directory findDirectoryFor = this.crowdControl.findDirectoryFor(user);
        String name = findDirectoryFor == null ? "<Unknown>" : findDirectoryFor.getName();
        log.info(String.format("Failed to remove user %1$s from group %2$s. Group %2$s may not exist in the same directory as the primary user with name %1$s. The 'primary' user is the first user with that name resolved from the ordered list of User Directories.", str2, str));
        throw new NoSuchGroupException(this.i18nService.createKeyedMessage("bitbucket.service.removeUserFromGroup.notFromGroup", new Object[]{str2, name, str}), str);
    }

    @Nonnull
    @Transactional
    @PreAuthorize("hasGlobalPermission('SYS_ADMIN') or (hasGlobalPermission('ADMIN') and not hasGlobalPermission(#currentUsername, 'SYS_ADMIN'))")
    public DetailedUser renameUser(@Nonnull String str, @Nonnull String str2) {
        Preconditions.checkNotNull(str, "currentUserName");
        Preconditions.checkNotNull(str2, "newUserName");
        return transformOrCreateUser(this.crowdControl.renameUser(this.crowdControl.getUser(str), str2));
    }

    @Transactional
    @Unsecured("Password reset runs in a non-authenticated context and requires no permissions")
    public void requestPasswordReset(@Nonnull String str) throws NoSuchEntityException, MailException {
        User user = this.crowdControl.getUser(str);
        this.emailNotifier.sendPasswordReset(user, this.passwordResetHelper.addResetPasswordToken(user));
    }

    @Transactional
    @Unsecured("Password reset runs in a non-authenticated context and requires no permissions")
    public void resetPassword(@Nonnull String str, @Nonnull String str2) {
        Preconditions.checkNotNull(str, "token");
        Preconditions.checkArgument(!((String) Preconditions.checkNotNull(str2, "password")).trim().isEmpty(), "A non-blank password is required");
        User findUserByResetToken = this.passwordResetHelper.findUserByResetToken(str);
        if (findUserByResetToken == null) {
            throw new InvalidPasswordResetTokenException(this.i18nService.createKeyedMessage("bitbucket.service.invalidtoken", new Object[0]), str);
        }
        this.passwordResetHelper.resetPassword(findUserByResetToken, str2);
    }

    @Transactional
    @PreAuthorize("hasGlobalPermission('SYS_ADMIN') or (hasGlobalPermission('ADMIN') and not hasGlobalPermission(#username, 'SYS_ADMIN'))")
    public void updatePassword(@Nonnull String str, @Nonnull String str2) {
        Preconditions.checkNotNull(str, "username");
        Preconditions.checkArgument(!((String) Preconditions.checkNotNull(str2, "newPassword")).trim().isEmpty(), "A non-blank password is required");
        this.passwordResetHelper.resetPassword(this.crowdControl.getUser(str), str2);
    }

    @Nonnull
    @Transactional
    @Unsecured("This should only ever be called by plugins")
    /* renamed from: updateServiceUser, reason: merged with bridge method [inline-methods] */
    public InternalServiceUser m263updateServiceUser(@Nonnull ServiceUserUpdateRequest serviceUserUpdateRequest) {
        Preconditions.checkNotNull(serviceUserUpdateRequest, "request");
        InternalApplicationUser internalApplicationUser = (InternalApplicationUser) this.userDao.getById(Integer.valueOf(serviceUserUpdateRequest.getId()));
        if (internalApplicationUser == null || internalApplicationUser.getType() != UserType.SERVICE) {
            throw new NoSuchUserException(this.i18nService.createKeyedMessage("bitbucket.service.user.nosuchserviceuser", new Object[]{Integer.valueOf(serviceUserUpdateRequest.getId())}), String.valueOf(serviceUserUpdateRequest.getId()));
        }
        return this.userDao.update(new InternalServiceUser.Builder((InternalServiceUser) internalApplicationUser.accept(InternalServiceUser.TO_SERVICE_USER)).active(serviceUserUpdateRequest.isActive()).name(serviceUserUpdateRequest.getName()).displayName(serviceUserUpdateRequest.getDisplayName()).label(serviceUserUpdateRequest.getLabel()).build());
    }

    @Nonnull
    @Transactional
    @PreAuthorize("hasGlobalPermission('SYS_ADMIN') or (hasGlobalPermission('ADMIN') and not hasGlobalPermission(#username, 'SYS_ADMIN'))")
    /* renamed from: updateUser, reason: merged with bridge method [inline-methods] */
    public InternalDetailedUser m262updateUser(@Nonnull String str, @Nonnull String str2, @Nonnull String str3) {
        Preconditions.checkArgument(!((String) Preconditions.checkNotNull(str2, "displayName")).trim().isEmpty(), "A non-blank display name is required");
        Preconditions.checkArgument(!((String) Preconditions.checkNotNull(str3, "emailAddress")).trim().isEmpty(), "A non-blank e-mail address is required");
        Preconditions.checkNotNull(str, "username");
        return transformOrCreateUser(this.crowdControl.updateUser(ImmutableUser.newUser(this.crowdControl.getUser(str)).displayName(str2).emailAddress(str3).toUser()));
    }

    public void schedule(@Nonnull SchedulerService schedulerService) throws SchedulerServiceException {
        schedule(schedulerService, new GroupCleanUpJob(), GROUP_CLEANUP_JOB_RUNNER_KEY, GROUP_CLEANUP_JOB_ID, RunMode.RUN_ONCE_PER_CLUSTER, this.groupCleanupJobInterval);
        schedule(schedulerService, new UserCleanupJob(), USER_CLEANUP_JOB_RUNNER_KEY, USER_CLEANUP_JOB_ID, RunMode.RUN_ONCE_PER_CLUSTER, this.userCleanupJobInterval);
    }

    public void unschedule(@Nonnull SchedulerService schedulerService) throws SchedulerServiceException {
        schedulerService.unregisterJobRunner(GROUP_CLEANUP_JOB_RUNNER_KEY);
        schedulerService.unregisterJobRunner(USER_CLEANUP_JOB_RUNNER_KEY);
    }

    private void addToGroupIfExisting(User user, String str) {
        Group findGroup = this.crowdControl.findGroup(str);
        if (findGroup != null) {
            this.licenseService.validateCanAddUserToGroup(user.getName(), str);
            this.crowdControl.addGroupMember(findGroup, user);
        }
    }

    private void doAddUserToGroup(@Nonnull String str, @Nonnull String str2) {
        Preconditions.checkNotNull(str, "username");
        Preconditions.checkNotNull(str2, "groupName");
        this.permissionAdminService.canAddUserToGroup(str2);
        this.licenseService.validateCanAddUserToGroup(str, str2);
        this.crowdControl.addGroupMember(this.crowdControl.getGroup(str2), this.crowdControl.getUser(str));
    }

    private void createUser(User user, String str, boolean z) {
        this.crowdControl.createUser(user, str);
        if (z) {
            addToGroupIfExisting(user, "stash-users");
        }
    }

    private boolean isAllowedInAnyDirectory(OperationType operationType) {
        for (Directory directory : this.crowdControl.listDirectories()) {
            if (directory.isActive() && directory.getAllowedOperations().contains(operationType)) {
                return true;
            }
        }
        return false;
    }

    private void schedule(SchedulerService schedulerService, JobRunner jobRunner, JobRunnerKey jobRunnerKey, JobId jobId, RunMode runMode, long j) throws SchedulerServiceException {
        long millis = TimeUnit.MINUTES.toMillis(j);
        schedulerService.registerJobRunner(jobRunnerKey, jobRunner);
        schedulerService.scheduleJob(jobId, JobConfig.forJobRunnerKey(jobRunnerKey).withRunMode(runMode).withSchedule(Schedule.forInterval(millis, new Date(System.currentTimeMillis() + millis))));
    }

    private Page<DetailedGroup> transformGroups(Page<String> page) {
        return page.transform(new DetailedGroupTransform(canDeleteGroups()));
    }

    private InternalDetailedUser transformOrCreateUser(User user) {
        return transformUser(this.userHelper.transformOrCreate(user));
    }

    private Page<DetailedUser> transformOrCreateUsers(Page<User> page) {
        return this.userHelper.transformOrCreate(page).transform(new DetailedUserTransform());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public InternalDetailedUser transformUser(InternalApplicationUser internalApplicationUser) {
        final InternalDetailedUser.Builder builder = new InternalDetailedUser.Builder(internalApplicationUser);
        internalApplicationUser.accept(new AbstractVoidInternalStashUserVisitor() { // from class: com.atlassian.stash.internal.user.DefaultUserAdminService.3
            protected void doVisit(@Nonnull InternalNormalUser internalNormalUser) {
                String value;
                Directory findDirectoryFor = DefaultUserAdminService.this.crowdControl.findDirectoryFor(internalNormalUser.getBackingCrowdUser());
                if (findDirectoryFor != null) {
                    Set allowedOperations = findDirectoryFor.getAllowedOperations();
                    builder.directoryName(findDirectoryFor.getName()).deletable(allowedOperations.contains(OperationType.DELETE_USER)).mutableDetails(allowedOperations.contains(OperationType.UPDATE_USER)).mutableGroups(allowedOperations.contains(OperationType.UPDATE_GROUP));
                }
                UserWithAttributes findUserWithAttributes = DefaultUserAdminService.this.crowdControl.findUserWithAttributes(internalNormalUser.getUsername());
                if (findUserWithAttributes == null || (value = findUserWithAttributes.getValue("lastAuthenticationTimestamp")) == null) {
                    return;
                }
                try {
                    builder.lastAuthenticationTimestamp(new Date(Long.parseLong(value)));
                } catch (NumberFormatException e) {
                }
            }
        });
        return builder.build();
    }

    @VisibleForTesting
    void cleanupDeletedGroups() {
        final Date date = Instant.now().minus(Duration.standardMinutes(this.groupCleanupJobDelay)).toDate();
        final PageRequest newRequest = PageUtils.newRequest(0, this.groupCleanupJobBatchSize);
        boolean z = true;
        while (z) {
            z = ((Boolean) this.requiresNewTransactionTemplate.execute(new TransactionCallback<Boolean>() { // from class: com.atlassian.stash.internal.user.DefaultUserAdminService.4
                /* renamed from: doInTransaction, reason: merged with bridge method [inline-methods] */
                public Boolean m270doInTransaction(TransactionStatus transactionStatus) {
                    Page findByDeletedDateEarlierThan = DefaultUserAdminService.this.deletedGroupDao.findByDeletedDateEarlierThan(date, newRequest);
                    Iterator it = findByDeletedDateEarlierThan.getValues().iterator();
                    while (it.hasNext()) {
                        DefaultUserAdminService.this.cleanupDeletedGroup((InternalDeletedGroup) it.next());
                    }
                    return Boolean.valueOf(!findByDeletedDateEarlierThan.getIsLastPage());
                }
            })).booleanValue();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void cleanupDeletedGroup(InternalDeletedGroup internalDeletedGroup) {
        if (this.crowdControl.findGroup(internalDeletedGroup.getName()) == null) {
            this.eventPublisher.publish(new GroupCleanupEvent(this, internalDeletedGroup.getName()));
        }
        this.deletedGroupDao.delete(internalDeletedGroup);
    }

    @VisibleForTesting
    void cleanupDeletedUsers() {
        final Date date = Instant.now().minus(Duration.standardMinutes(this.userCleanupJobDelay)).toDate();
        final PageRequest newRequest = PageUtils.newRequest(0, this.userCleanupJobBatchSize);
        boolean z = true;
        while (z) {
            z = ((Boolean) this.requiresNewTransactionTemplate.execute(new TransactionCallback<Boolean>() { // from class: com.atlassian.stash.internal.user.DefaultUserAdminService.5
                /* renamed from: doInTransaction, reason: merged with bridge method [inline-methods] */
                public Boolean m271doInTransaction(TransactionStatus transactionStatus) {
                    Page findByDeletedDateEarlierThan = DefaultUserAdminService.this.userDao.findByDeletedDateEarlierThan(date, newRequest);
                    Logger logger = DefaultUserAdminService.log;
                    Object[] objArr = new Object[3];
                    objArr[0] = Integer.valueOf(findByDeletedDateEarlierThan.getSize());
                    objArr[1] = findByDeletedDateEarlierThan.getIsLastPage() ? "" : "+";
                    objArr[2] = date;
                    logger.debug("Purging {}{} users that have been removed before '{}'", objArr);
                    Iterator it = findByDeletedDateEarlierThan.getValues().iterator();
                    while (it.hasNext()) {
                        DefaultUserAdminService.this.cleanupDeletedUser((InternalNormalUser) it.next());
                    }
                    return Boolean.valueOf(!findByDeletedDateEarlierThan.getIsLastPage());
                }
            })).booleanValue();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void cleanupDeletedUser(InternalNormalUser internalNormalUser) {
        if (!internalNormalUser.isCrowdBacked()) {
            this.eventPublisher.publish(new UserCleanupEvent(this, internalNormalUser.copy().build()));
        }
        this.userDao.update(internalNormalUser.copy().deletedDate((Date) null).build());
    }

    private String generateUsername() {
        return StringUtils.substring(this.secureTokenGenerator.generateToken(), 0, 16);
    }
}
