package com.lc.ibps.cloud.oauth.server.provider;

import cn.hutool.captcha.AbstractCaptcha;
import com.github.benmanes.caffeine.cache.Cache;
import com.lc.ibps.api.base.constants.StateEnum;
import com.lc.ibps.api.org.constant.LockMode;
import com.lc.ibps.base.core.cache.LocalCaffeineCache;
import com.lc.ibps.base.core.exception.BaseException;
import com.lc.ibps.base.core.util.AppUtil;
import com.lc.ibps.base.core.util.BeanUtils;
import com.lc.ibps.base.core.util.ExceptionUtil;
import com.lc.ibps.base.core.util.I18nUtil;
import com.lc.ibps.base.core.util.JacksonUtil;
import com.lc.ibps.base.core.util.string.StringUtil;
import com.lc.ibps.base.core.util.string.StringValidator;
import com.lc.ibps.base.datasource.dynamic.DbContextHolder;
import com.lc.ibps.base.datasource.util.DbUtil;
import com.lc.ibps.base.db.tenant.exception.TenantSchemaUncrateException;
import com.lc.ibps.base.db.tenant.utils.TenantQueryUtil;
import com.lc.ibps.base.db.tenant.utils.TenantUtil;
import com.lc.ibps.base.framework.model.OperatorParamter;
import com.lc.ibps.base.framework.request.signature.annotation.Signature;
import com.lc.ibps.base.saas.context.TenantContext;
import com.lc.ibps.base.web.context.RequestContext;
import com.lc.ibps.cloud.config.SecrectConfig;
import com.lc.ibps.cloud.entity.APIResult;
import com.lc.ibps.cloud.oauth.entity.CaptchaVo;
import com.lc.ibps.cloud.oauth.entity.LoginThirdPartyVo;
import com.lc.ibps.cloud.oauth.entity.LoginVo;
import com.lc.ibps.cloud.oauth.entity.LoginWechatVo;
import com.lc.ibps.cloud.oauth.exception.DisabledAccountException;
import com.lc.ibps.cloud.oauth.exception.ExcessiveAttemptsException;
import com.lc.ibps.cloud.oauth.exception.ExpiredAccountException;
import com.lc.ibps.cloud.oauth.exception.ExpiredCaptchaException;
import com.lc.ibps.cloud.oauth.exception.ExpiredCredentialsException;
import com.lc.ibps.cloud.oauth.exception.InactiveException;
import com.lc.ibps.cloud.oauth.exception.IncorrectCredentialsException;
import com.lc.ibps.cloud.oauth.exception.LengthCredentialsException;
import com.lc.ibps.cloud.oauth.exception.LockedAccountException;
import com.lc.ibps.cloud.oauth.exception.ManyIncorrectCredentialsException;
import com.lc.ibps.cloud.oauth.exception.NonCaptchaException;
import com.lc.ibps.cloud.oauth.exception.NonMatchCaptchaException;
import com.lc.ibps.cloud.oauth.exception.NonRequestIdException;
import com.lc.ibps.cloud.oauth.exception.UnknownAccountException;
import com.lc.ibps.cloud.oauth.server.config.UserConfig;
import com.lc.ibps.cloud.oauth.server.context.InnerContextUtil;
import com.lc.ibps.cloud.oauth.server.util.AliyunMessageUtil;
import com.lc.ibps.cloud.redis.utils.RedisUtil;
import com.lc.ibps.cloud.utils.RequestUtil;
import com.lc.ibps.common.utils.LogUtils;
import com.lc.ibps.components.httpclient.model.HttpStatus;
import com.lc.ibps.org.party.persistence.entity.DefaultPartyUserPo;
import com.lc.ibps.org.party.persistence.entity.PartyAttrPo;
import com.lc.ibps.org.party.persistence.entity.PartyAttrValuePo;
import com.lc.ibps.org.party.persistence.entity.PartyEmployeePo;
import com.lc.ibps.org.party.persistence.entity.PartyUserLimitPo;
import com.lc.ibps.org.party.persistence.entity.PartyUserPo;
import com.lc.ibps.org.party.repository.DefaultPartyUserRepository;
import com.lc.ibps.org.party.repository.PartyAttrRepository;
import com.lc.ibps.org.party.repository.PartyAttrValueRepository;
import com.lc.ibps.org.spi.SpiUserService;
import com.lc.ibps.org.spi.SpiUserServiceUtil;
import com.lc.ibps.register.constants.RegDBConstants;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import io.swagger.annotations.Extension;
import io.swagger.annotations.ExtensionProperty;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
import me.zhyd.oauth.config.AuthConfig;
import me.zhyd.oauth.exception.AuthException;
import me.zhyd.oauth.model.AuthCallback;
import me.zhyd.oauth.model.AuthResponse;
import me.zhyd.oauth.model.AuthUser;
import me.zhyd.oauth.request.AuthQqRequest;
import me.zhyd.oauth.request.AuthRequest;
import me.zhyd.oauth.request.AuthWeChatEnterpriseQrcodeRequest;
import me.zhyd.oauth.request.AuthWeChatOpenRequest;
import me.zhyd.oauth.request.IBPSAuthDingTalkRequest;
import me.zhyd.oauth.utils.AuthStateUtils;
import org.apache.http.Consts;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Lazy;
import org.springframework.stereotype.Service;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RequestParam;

@Api(tags = {"用户中心"}, value = "用户")
@Service
/* loaded from: input_file:com/lc/ibps/cloud/oauth/server/provider/UserProvider.class */
public class UserProvider extends BaseProvider implements IUserService {

    @Autowired
    @Lazy
    private ITokenService tokenService;

    @Autowired
    @Lazy
    private SecrectConfig secrectConfig;

    @ApiOperation(value = "登录", notes = "传入用户名密码")
    public APIResult<String> login(@ApiParam(name = "loginVo", value = "用户登陆请求对象", required = true) @RequestBody(required = true) LoginVo loginVo) {
        if (logger.isDebugEnabled()) {
            logger.debug("starting login.");
        }
        APIResult<String> aPIResult = new APIResult<>();
        String username = loginVo.getUsername();
        String check_code = loginVo.getCheck_code();
        try {
            if (Boolean.valueOf(AppUtil.getProperty("client.login-state.open", "false")).booleanValue() && StringUtil.isNotBlank(check_code)) {
                String redisKey = this.appConfig.getRedisKey(new String[]{"check.code", check_code});
                if (!RedisUtil.redisTemplate.hasKey(redisKey).booleanValue()) {
                    throw new BaseException(StateEnum.ILLEGAL_AUTH_CHECK_CODE_ERROR.getCode(), StateEnum.ILLEGAL_AUTH_CHECK_CODE_ERROR.getText(), new Object[0]);
                }
                RedisUtil.redisTemplate.delete(redisKey);
            } else {
                String requestId = loginVo.getRequestId();
                String captcha = loginVo.getCaptcha();
                String phoneCaptcha = loginVo.getPhoneCaptcha();
                String captchaType = loginVo.getCaptchaType();
                boolean isEnabled = this.userConfig.getCaptcha().isEnabled();
                aPIResult.addVariable("captchaOpenStatus", Boolean.valueOf(isEnabled));
                if (StringUtil.isNotBlank(phoneCaptcha)) {
                    AliyunMessageUtil.validate(this.appConfig, username, phoneCaptcha);
                    loginVo.setPassword(this.secrectConfig.getRequestSecretValue());
                } else {
                    String str = (String) RedisUtil.redisTemplateString.opsForValue().get(this.appConfig.getRedisKey(new String[]{"login.captcha", RequestUtil.getIpAddr(RequestContext.getHttpServletRequest())}));
                    if (isEnabled || (this.userConfig.getCaptcha().isForceEnabled() && StringUtil.isNotBlank(str))) {
                        aPIResult.addVariable("captchaOpenStatus", true);
                        captcha(requestId, username, captcha, captchaType);
                    }
                }
            }
            PartyUserPo login0 = login0(loginVo);
            String uuid = uuid();
            aPIResult.setData(uuid);
            RedisUtil.redisTemplateString.opsForValue().set(this.appConfig.getRedisKey(new String[]{"login.state", uuid}), username, this.tokenConfig.getAcexpires().intValue(), TimeUnit.SECONDS);
            getRequest().setAttribute("uid", login0.getUserId());
            getRequest().setAttribute("ufn", login0.getFullname());
            LogUtils.saveLog(LogUtils.create().request(getRequest()).type("login").op("access").createBy(login0.getUserId()).createor(login0.getFullname()).build());
        } catch (Exception e) {
            if (StateEnum.SUCCESS.getCode() == aPIResult.getState()) {
                aPIResult.setState(StateEnum.ILLEGAL_LOGIN.getCode());
            }
            aPIResult.setCause(ExceptionUtil.analysisCause(e));
            LogUtils.saveLog(LogUtils.create().request(getRequest()).type("loginError").op("access").createor(username).thr(e).build());
            logger.error("login failed:", e);
        } catch (TenantSchemaUncrateException e2) {
            if (StateEnum.SUCCESS.getCode() == aPIResult.getState()) {
                aPIResult.setState(StateEnum.ILLEGAL_LOGIN.getCode());
            }
            aPIResult.setCause(I18nUtil.getMessage("com.lc.ibps.cloud.oauth.server.provider.UserProvider.ex.saas.schema.uncreate"));
            LogUtils.saveLog(LogUtils.create().request(getRequest()).type("loginError").op("access").createor(username).thr(e2).build());
            logger.error("login failed:", e2);
        } catch (InactiveException e3) {
            if (StateEnum.SUCCESS.getCode() == aPIResult.getState()) {
                aPIResult.setState(StateEnum.ILLEGAL_ACCOUNT_INACTIVE.getCode());
            }
            aPIResult.setCause(ExceptionUtil.analysisCause(e3));
            LogUtils.saveLog(LogUtils.create().request(getRequest()).type("loginError").op("access").createor(username).thr(e3).build());
            logger.error("login failed:", e3);
        } catch (UnknownAccountException e4) {
            if (StateEnum.SUCCESS.getCode() == aPIResult.getState() && RegDBConstants.REGISTER_ENABLED) {
                aPIResult.setState(StateEnum.ILLEGAL_ACCOUNT_UNKOWN_REGISTER_FIRST.getCode());
            } else if (StateEnum.SUCCESS.getCode() == aPIResult.getState()) {
                aPIResult.setState(StateEnum.ILLEGAL_ACCOUNT_UNKOWN.getCode());
            }
            aPIResult.setCause(ExceptionUtil.analysisCause(e4));
            LogUtils.saveLog(LogUtils.create().request(getRequest()).type("loginError").op("access").createor(username).thr(e4).build());
            logger.error("login failed:", e4);
        } catch (ManyIncorrectCredentialsException e5) {
            if (StateEnum.SUCCESS.getCode() == aPIResult.getState()) {
                aPIResult.setState(StateEnum.ILLEGAL_ACCOUNT_PASSWORD_REQUEST_VALIDCODE.getCode());
            }
            aPIResult.setCause(ExceptionUtil.analysisCause(e5));
            LogUtils.saveLog(LogUtils.create().request(getRequest()).type("loginError").op("access").createor(username).thr(e5).build());
            logger.error("login failed:", e5);
        } catch (ExcessiveAttemptsException e6) {
            if (StateEnum.SUCCESS.getCode() == aPIResult.getState()) {
                aPIResult.setState(StateEnum.ILLEGAL_ACCOUNT_LOCKED.getCode());
            }
            aPIResult.setCause(ExceptionUtil.analysisCause(e6));
            LogUtils.saveLog(LogUtils.create().request(getRequest()).type("loginError").op("access").createor(username).thr(e6).build());
            logger.error("login failed:", e6);
        } catch (ExpiredAccountException e7) {
            if (StateEnum.SUCCESS.getCode() == aPIResult.getState()) {
                aPIResult.setState(StateEnum.ILLEGAL_ACCOUNT_EXPIRED.getCode());
            }
            aPIResult.setCause(ExceptionUtil.analysisCause(e7));
            LogUtils.saveLog(LogUtils.create().request(getRequest()).type("loginError").op("access").createor(username).thr(e7).build());
            logger.error("login failed:", e7);
        } catch (IncorrectCredentialsException e8) {
            if (StateEnum.SUCCESS.getCode() == aPIResult.getState()) {
                aPIResult.setState(StateEnum.ILLEGAL_ACCOUNT_PASSWORD.getCode());
            }
            aPIResult.setCause(ExceptionUtil.analysisCause(e8));
            LogUtils.saveLog(LogUtils.create().request(getRequest()).type("loginError").op("access").createor(username).thr(e8).build());
            logger.error("login failed:", e8);
        } catch (DisabledAccountException e9) {
            if (StateEnum.SUCCESS.getCode() == aPIResult.getState()) {
                aPIResult.setState(StateEnum.ILLEGAL_ACCOUNT_DISABLED.getCode());
            }
            aPIResult.setCause(ExceptionUtil.analysisCause(e9));
            LogUtils.saveLog(LogUtils.create().request(getRequest()).type("loginError").op("access").createor(username).thr(e9).build());
            logger.error("login failed:", e9);
        } catch (NonRequestIdException e10) {
            if (StateEnum.SUCCESS.getCode() == aPIResult.getState()) {
                aPIResult.setState(StateEnum.ILLEGAL_NON_REQUEST_ID.getCode());
            }
            aPIResult.setCause(ExceptionUtil.analysisCause(e10));
            LogUtils.saveLog(LogUtils.create().request(getRequest()).type("loginError").op("access").createor(username).thr(e10).build());
            logger.error("login failed:", e10);
        } catch (LengthCredentialsException e11) {
            if (StateEnum.SUCCESS.getCode() == aPIResult.getState()) {
                aPIResult.setState(StateEnum.ILLEGAL_ACCOUNT_LENGTH_NOT_MEET_REQUIREMENTS.getCode());
            }
            aPIResult.setCause(ExceptionUtil.analysisCause(e11));
            LogUtils.saveLog(LogUtils.create().request(getRequest()).type("loginError").op("access").createor(username).thr(e11).build());
            logger.error("login failed:", e11);
            String uuid2 = uuid();
            aPIResult.setData(uuid2);
            aPIResult.addVariable("userId", e11.getUserId());
            aPIResult.addVariable("tenantId", e11.getTenantId());
            aPIResult.setMessage(e11.getMessage());
            RedisUtil.redisTemplateString.opsForValue().set(this.appConfig.getRedisKey(new String[]{"login.temporary", uuid2}), loginVo.getUsername(), this.tokenConfig.getAcexpires().intValue(), TimeUnit.SECONDS);
        } catch (LockedAccountException e12) {
            if (StateEnum.SUCCESS.getCode() == aPIResult.getState()) {
                aPIResult.setState(StateEnum.ILLEGAL_ACCOUNT_LOCKED.getCode());
            }
            aPIResult.setCause(ExceptionUtil.analysisCause(e12));
            LogUtils.saveLog(LogUtils.create().request(getRequest()).type("loginError").op("access").createor(username).thr(e12).build());
            logger.error("login failed:", e12);
        } catch (NonCaptchaException e13) {
            if (StateEnum.SUCCESS.getCode() == aPIResult.getState()) {
                aPIResult.setState(StateEnum.ILLEGAL_NON_CAPTCHA.getCode());
            }
            aPIResult.setCause(ExceptionUtil.analysisCause(e13));
            LogUtils.saveLog(LogUtils.create().request(getRequest()).type("loginError").op("access").createor(username).thr(e13).build());
            logger.error("login failed:", e13);
        } catch (NonMatchCaptchaException e14) {
            if (StateEnum.SUCCESS.getCode() == aPIResult.getState()) {
                aPIResult.setState(StateEnum.ILLEGAL_NON_MATCH_CAPTCHA.getCode());
            }
            aPIResult.setCause(ExceptionUtil.analysisCause(e14));
            LogUtils.saveLog(LogUtils.create().request(getRequest()).type("loginError").op("access").createor(username).thr(e14).build());
            logger.error("login failed:", e14);
        } catch (ExpiredCaptchaException e15) {
            if (StateEnum.SUCCESS.getCode() == aPIResult.getState()) {
                aPIResult.setState(StateEnum.ILLEGAL_EXPIRED_CAPTCHA.getCode());
            }
            aPIResult.setCause(ExceptionUtil.analysisCause(e15));
            LogUtils.saveLog(LogUtils.create().request(getRequest()).type("loginError").op("access").createor(username).thr(e15).build());
            logger.error("login failed:", e15);
        } catch (ExpiredCredentialsException e16) {
            if (StateEnum.SUCCESS.getCode() == aPIResult.getState()) {
                aPIResult.setState(StateEnum.ILLEGAL_ACCOUNT_EXPIRED_CREDENTIALS.getCode());
            }
            aPIResult.setCause(ExceptionUtil.analysisCause(e16));
            LogUtils.saveLog(LogUtils.create().request(getRequest()).type("loginError").op("access").createor(username).thr(e16).build());
            logger.error("login failed:", e16);
            String uuid3 = uuid();
            aPIResult.setData(uuid3);
            aPIResult.addVariable("userId", e16.getUserId());
            aPIResult.addVariable("tenantId", e16.getTenantId());
            aPIResult.setMessage(e16.getMessage());
            RedisUtil.redisTemplateString.opsForValue().set(this.appConfig.getRedisKey(new String[]{"login.temporary", uuid3}), loginVo.getUsername(), this.tokenConfig.getAcexpires().intValue(), TimeUnit.SECONDS);
        }
        return aPIResult;
    }

    private void captcha(String str, String str2, String str3, String str4) {
        if (StringUtil.isBlank(str)) {
            throw new NonRequestIdException("请求ID为空，请传入请求验证码响应数据中requestId变量值！");
        }
        if (StringUtil.isBlank(str3)) {
            throw new NonCaptchaException("验证码为空，请填写验证码！");
        }
        if (!this.userConfig.getCaptcha().getCaptchaMode(str4)) {
            this.userConfig.verificationCaptcha(str3, str);
            return;
        }
        String redisKey = this.appConfig.getRedisKey(new String[]{"login.captcha", str});
        AbstractCaptcha abstractCaptcha = (AbstractCaptcha) RedisUtil.redisTemplate.opsForValue().get(redisKey);
        if (BeanUtils.isEmpty(abstractCaptcha)) {
            throw new ExpiredCaptchaException("验证码过期，请刷新验证码！");
        }
        if (abstractCaptcha.verify(str3)) {
            RedisUtil.redisTemplateString.delete(redisKey);
        } else {
            RedisUtil.redisTemplateString.delete(redisKey);
            throw new NonMatchCaptchaException("验证码不正确！");
        }
    }

    @ApiOperation(value = "登出", notes = "传入令牌")
    public APIResult<String> logout(@RequestParam(name = "access_token", required = true) @ApiParam(name = "access_token", value = "令牌", required = true) String str) {
        String redisKey;
        String redisKey2;
        if (logger.isDebugEnabled()) {
            logger.debug("logout");
        }
        APIResult<String> aPIResult = new APIResult<>();
        try {
            redisKey = this.appConfig.getRedisKey(new String[]{"access.token", str});
            redisKey2 = this.appConfig.getRedisKey(new String[]{"access.token", str, "0"});
        } catch (Exception e) {
            if (StateEnum.SUCCESS.getCode() == aPIResult.getState()) {
                aPIResult.setState(StateEnum.ILLEGAL_TOKEN.getCode());
            }
            aPIResult.setCause(ExceptionUtil.analysisCause(e));
            logger.error("logout failed:", e);
        }
        if (!RedisUtil.redisTemplate.hasKey(redisKey).booleanValue() && !RedisUtil.redisTemplate.hasKey(redisKey2).booleanValue()) {
            aPIResult.setState(StateEnum.ILLEGAL_TOKEN.getCode());
            throw new BaseException(StateEnum.ILLEGAL_TOKEN.getCode(), StateEnum.ILLEGAL_TOKEN.getText(), new Object[0]);
        }
        if (!RedisUtil.redisTemplate.hasKey(redisKey).booleanValue() && RedisUtil.redisTemplate.hasKey(redisKey2).booleanValue()) {
            aPIResult.setState(StateEnum.EXPIRED_TOKEN.getCode());
            throw new BaseException(StateEnum.EXPIRED_TOKEN.getCode(), StateEnum.EXPIRED_TOKEN.getText(), new Object[0]);
        }
        Object obj = RedisUtil.redisTemplate.opsForHash().get(redisKey, "grant.type");
        Object obj2 = RedisUtil.redisTemplate.opsForHash().get(redisKey, "refresh.token");
        Object obj3 = RedisUtil.redisTemplate.opsForHash().get(redisKey, "client.id");
        Object obj4 = RedisUtil.redisTemplate.opsForHash().get(redisKey, "user.name");
        if (BeanUtils.isEmpty(obj)) {
            aPIResult.setState(StateEnum.ILLEGAL_TOKEN.getCode());
            throw new BaseException(StateEnum.ILLEGAL_TOKEN.getCode(), StateEnum.ILLEGAL_TOKEN.getText(), new Object[0]);
        }
        String str2 = null;
        String obj5 = obj.toString();
        if (logger.isDebugEnabled()) {
            logger.debug("grant type {}.", obj5);
        }
        if ("authorization_code".equalsIgnoreCase(obj5)) {
            if (this.tokenConfig.getAuthorizationCode().isSingle()) {
                str2 = this.appConfig.getRedisKey(new String[]{"key", obj4.toString()});
            } else {
                cacheKeys(null, redisKey, obj2.toString());
            }
        } else if ("authorization_nfdw".equalsIgnoreCase(obj5)) {
            if (this.tokenConfig.getAuthorizationPassword().isSingle()) {
                str2 = this.appConfig.getRedisKey(new String[]{"key", obj4.toString()});
            } else {
                cacheKeys(null, redisKey, obj2.toString());
            }
        } else if ("password_credentials".equalsIgnoreCase(obj5)) {
            if (this.tokenConfig.getAuthorizationPassword().isSingle()) {
                str2 = this.appConfig.getRedisKey(new String[]{"key", obj4.toString()});
            } else {
                cacheKeys(null, redisKey, obj2.toString());
            }
        } else {
            if (!"client_credentials".equalsIgnoreCase(obj5)) {
                aPIResult.setState(StateEnum.ILLEGAL_REQUEST.getCode());
                throw new BaseException(StateEnum.ERROR_REQUEST_TYPE_NOT_SUPPORTED.getCode(), StateEnum.ERROR_REQUEST_TYPE_NOT_SUPPORTED.getText(), new Object[0]);
            }
            if (this.tokenConfig.getAuthorizationClient().isSingle()) {
                str2 = this.appConfig.getRedisKey(new String[]{"key", obj3.toString()});
            } else {
                cacheKeys(null, redisKey, obj2.toString());
            }
        }
        if (StringUtil.isEmpty(str2)) {
            RedisUtil.redisTemplate.delete(redisKey);
            RedisUtil.redisTemplate.delete(this.appConfig.getRedisKey(new String[]{"refresh.token", obj2.toString()}));
        } else {
            cleanCacheKeys(str2);
        }
        return aPIResult;
    }

    @ApiOperation(value = "获取验证码", notes = "获取验证码")
    public APIResult<Object> captcha(@ApiParam(name = "captchaVo", value = "验证码对象", required = true) @RequestBody(required = true) CaptchaVo captchaVo) {
        if (logger.isDebugEnabled()) {
            logger.debug("captcha ...");
        }
        APIResult<Object> aPIResult = new APIResult<>();
        try {
            if (StringUtil.isBlank(captchaVo.getRequestId())) {
                captchaVo.setRequestId(uuid());
            }
            aPIResult.addVariable("requestId", captchaVo.getRequestId());
            aPIResult.addVariable("ts", captchaVo.getTs());
            String str = (String) RedisUtil.redisTemplateString.opsForValue().get(this.appConfig.getRedisKey(new String[]{"login.captcha", RequestUtil.getIpAddr(RequestContext.getHttpServletRequest())}));
            if (!this.userConfig.getCaptcha().isEnabled() && (!this.userConfig.getCaptcha().isForceEnabled() || !StringUtil.isNotBlank(str))) {
                aPIResult.setState(StateEnum.NOT_IMPLEMENTED_REQUEST.getCode());
                aPIResult.setMessage(I18nUtil.getMessage(StringUtil.build(new Object[]{"state.", Integer.valueOf(StateEnum.NOT_IMPLEMENTED_REQUEST.getCode())})));
            } else if (this.userConfig.getCaptcha().getCaptchaMode(captchaVo.getCaptchaType())) {
                AbstractCaptcha captcha = this.userConfig.getCaptcha().getCaptcha();
                if (logger.isDebugEnabled()) {
                    logger.debug("requestId {}, captcha {}.", captchaVo.getRequestId(), captcha.getCode());
                }
                aPIResult.setData(StringUtil.build(new Object[]{"data:image/png;base64,", captcha.getImageBase64()}));
                RedisUtil.redisTemplate.opsForValue().set(this.appConfig.getRedisKey(new String[]{"login.captcha", captchaVo.getRequestId()}), captcha, this.userConfig.getCaptcha().getTimeout(), TimeUnit.SECONDS);
            } else {
                aPIResult.setData(this.userConfig.getCaptcha(captchaVo));
            }
        } catch (Exception e) {
            if (StateEnum.SUCCESS.getCode() == aPIResult.getState()) {
                aPIResult.setState(StateEnum.ILLEGAL_VALID_CODE.getCode());
            }
            aPIResult.setCause(ExceptionUtil.analysisCause(e));
            logger.error("logout failed:", e);
        }
        return aPIResult;
    }

    @ApiOperation(value = "核对验证码", notes = "核对验证码")
    public APIResult<Object> captchaCheck(@ApiParam(name = "captchaVo", value = "验证码对象", required = true) @RequestBody(required = true) CaptchaVo captchaVo) {
        if (logger.isDebugEnabled()) {
            logger.debug("captcha check...");
        }
        APIResult<Object> aPIResult = new APIResult<>();
        try {
            if (StringUtil.isBlank(captchaVo.getRequestId())) {
                captchaVo.setRequestId(uuid());
            }
            aPIResult.addVariable("requestId", captchaVo.getRequestId());
            aPIResult.addVariable("ts", captchaVo.getTs());
            aPIResult.setData(this.userConfig.checkCaptcha(captchaVo));
        } catch (Exception e) {
            if (StateEnum.SUCCESS.getCode() == aPIResult.getState()) {
                aPIResult.setState(StateEnum.ILLEGAL_VALID_CODE.getCode());
            }
            aPIResult.setCause(ExceptionUtil.analysisCause(e));
            logger.error("logout failed:", e);
        }
        return aPIResult;
    }

    @ApiOperation(value = "获取手机验证码", notes = "获取手机验证码")
    public APIResult<String> phoneCaptcha(@RequestParam(name = "requestId", required = false) @ApiParam(name = "requestId", value = "请求ID", required = false) String str, @RequestParam(name = "phone", required = true) @ApiParam(name = "phone", value = "手机号码", required = true) String str2) {
        if (logger.isDebugEnabled()) {
            logger.debug("phone captcha ...");
        }
        APIResult<String> aPIResult = new APIResult<>();
        try {
            if (StringUtil.isBlank(str)) {
                str = uuid();
            }
            aPIResult.addVariable("requestId", str);
            APIResult<Void> enterprise = AliyunMessageUtil.enterprise(this.appConfig, str2);
            aPIResult.setState(enterprise.getState());
            aPIResult.setCause(enterprise.getCause());
            aPIResult.setMessage(enterprise.getMessage());
        } catch (Exception e) {
            if (StateEnum.SUCCESS.getCode() == aPIResult.getState()) {
                aPIResult.setState(StateEnum.ILLEGAL_VALID_CODE.getCode());
            }
            aPIResult.setCause(ExceptionUtil.analysisCause(e));
            logger.error("logout failed:", e);
        }
        return aPIResult;
    }

    @ApiOperation(value = "获取验证码开启状态", notes = "获取验证码开启状态")
    public APIResult<Boolean> captchaOpen(@RequestParam(name = "requestId", required = false) @ApiParam(name = "requestId", value = "请求ID", required = false) String str) {
        if (logger.isDebugEnabled()) {
            logger.debug("captcha ...");
        }
        APIResult<Boolean> aPIResult = new APIResult<>();
        aPIResult.setData(false);
        try {
            if (StringUtil.isBlank(str)) {
                str = uuid();
            }
            aPIResult.addVariable("requestId", str);
            String str2 = (String) RedisUtil.redisTemplateString.opsForValue().get(this.appConfig.getRedisKey(new String[]{"login.captcha", RequestUtil.getIpAddr(RequestContext.getHttpServletRequest())}));
            if (this.userConfig.getCaptcha().isEnabled() || (this.userConfig.getCaptcha().isForceEnabled() && StringUtil.isNotBlank(str2))) {
                aPIResult.setData(true);
            }
        } catch (Exception e) {
            if (StateEnum.SUCCESS.getCode() == aPIResult.getState()) {
                aPIResult.setState(StateEnum.ILLEGAL_VALID_CODE.getCode());
            }
            aPIResult.setCause(ExceptionUtil.analysisCause(e));
            logger.error("logout failed:", e);
        }
        return aPIResult;
    }

    @ApiOperation(value = "获取客户端加密策略", notes = "获取客户端加密策略")
    public APIResult<UserConfig.Encrypt> getClientEncrypt() {
        APIResult<UserConfig.Encrypt> aPIResult = new APIResult<>();
        aPIResult.setData(this.userConfig.getClientEncrypt());
        return aPIResult;
    }

    @ApiOperation(value = "用户解锁", notes = "用户解锁", extensions = {@Extension(properties = {@ExtensionProperty(name = "submitCtrl", value = "Y")})})
    @Signature
    public APIResult<Void> unlock(@RequestHeader(name = "X-Authorization-access_token", required = true) @ApiParam(name = "X-Authorization-access_token", value = "访问令牌", required = true) String str) {
        APIResult verify;
        if (logger.isDebugEnabled()) {
            logger.debug("unlock user.");
        }
        APIResult<Void> aPIResult = new APIResult<>();
        try {
            verify = this.tokenService.verify(str);
        } catch (Exception e) {
            if (StateEnum.SUCCESS.getCode() == aPIResult.getState()) {
                aPIResult.setState(StateEnum.ERROR_ORG.getCode());
            }
            aPIResult.setCause(ExceptionUtil.analysisCause(e));
            logger.error("unlock user failed:", e);
        }
        if (!verify.isSuccess()) {
            aPIResult.setState(verify.getState());
            aPIResult.setCause(verify.getCause());
            return aPIResult;
        }
        if (TenantUtil.isTenantEnabled()) {
            List findAllPassed = TenantQueryUtil.findAllPassed();
            if (BeanUtils.isNotEmpty(findAllPassed)) {
                Iterator it = findAllPassed.iterator();
                while (it.hasNext()) {
                    try {
                        try {
                            String obj = ((Map) it.next()).get("id").toString();
                            TenantContext.forceTenantObject(TenantQueryUtil.get(obj));
                            String realDsAlias = TenantUtil.TenantSchemaUtil.getRealDsAlias(obj, TenantUtil.getProviderId());
                            if (StringUtil.isNotBlank(realDsAlias)) {
                                DbContextHolder.setDataSource(realDsAlias, DbUtil.getCurDBtype());
                            }
                            unlock();
                            DbContextHolder.setDataSource(TenantContext.getTenantDsAlias(), DbUtil.getCurDBtype());
                            TenantContext.clearForceTenantObject();
                        } catch (Throwable th) {
                            DbContextHolder.setDataSource(TenantContext.getTenantDsAlias(), DbUtil.getCurDBtype());
                            TenantContext.clearForceTenantObject();
                            throw th;
                        }
                    } catch (Exception e2) {
                        throw new BaseException(e2);
                    }
                }
            } else {
                unlock();
            }
        } else {
            unlock();
        }
        return aPIResult;
    }

    private void unlock() {
        List<PartyUserLimitPo> findByUnlockTime = this.partyUserLimitRepository.findByUnlockTime(LockMode.get(this.userLimitConfig.getMode()), new Date());
        if (BeanUtils.isNotEmpty(findByUnlockTime)) {
            for (PartyUserLimitPo partyUserLimitPo : findByUnlockTime) {
                unlockByAccount(partyUserLimitPo.getAccount());
                RedisUtil.redisTemplateInteger.delete(this.appConfig.getRedisKey(new String[]{"login.retry", partyUserLimitPo.getAccount()}));
            }
        }
    }

    @ApiOperation(value = "删除自动锁定用户的缓存数据", notes = "删除自动锁定用户的缓存数据", extensions = {@Extension(properties = {@ExtensionProperty(name = "submitCtrl", value = "Y")})})
    @Signature
    public APIResult<Void> removeAutoCache(@RequestHeader(name = "X-Authorization-access_token", required = true) @ApiParam(name = "X-Authorization-access_token", value = "访问令牌", required = true) String str, @ApiParam(name = "usernames", value = "用户账号数组", required = true) @RequestBody(required = true) String[] strArr) {
        APIResult verify;
        if (logger.isDebugEnabled()) {
            logger.debug("unlock user.");
        }
        APIResult<Void> aPIResult = new APIResult<>();
        try {
            verify = this.tokenService.verify(str);
        } catch (Exception e) {
            if (StateEnum.SUCCESS.getCode() == aPIResult.getState()) {
                aPIResult.setState(StateEnum.ERROR_ORG.getCode());
            }
            aPIResult.setCause(ExceptionUtil.analysisCause(e));
            logger.error("unlock user failed:", e);
        }
        if (!verify.isSuccess()) {
            aPIResult.setState(verify.getState());
            aPIResult.setCause(verify.getCause());
            return aPIResult;
        }
        for (String str2 : strArr) {
            RedisUtil.redisTemplateInteger.delete(this.appConfig.getRedisKey(new String[]{"login.retry", str2}));
        }
        return aPIResult;
    }

    @ApiOperation(value = "用户上下文信息", notes = "根据用户名查询用户上下文数据")
    public APIResult<Map<String, Object>> context(@RequestHeader(name = "X-Authorization-access_token", required = true) @ApiParam(name = "X-Authorization-access_token", value = "访问令牌", required = true) String str, @RequestHeader(name = "X-Authorization-tenantid", required = false) @ApiParam(name = "X-Authorization-tenantid", value = "租户ID", required = false) String str2, @RequestParam(name = "username", required = true) @ApiParam(name = "username", value = "用户账号", required = true) String str3) {
        String str4;
        APIResult verify;
        if (logger.isDebugEnabled()) {
            logger.debug("starting get context info.");
        }
        APIResult<Map<String, Object>> aPIResult = new APIResult<>();
        try {
            String str5 = (String) Optional.ofNullable(str2).orElse("-999");
            str4 = StringUtil.isBlank(str5) ? "-999" : str5;
            if (str.contains(",")) {
                str = str.split(",")[0];
            }
            verify = this.tokenService.verify(str, false, false, str4);
        } catch (Exception e) {
            if (StateEnum.SUCCESS.getCode() == aPIResult.getState()) {
                aPIResult.setState(StateEnum.ILLEGAL_TOKEN.getCode());
            }
            aPIResult.setCause(ExceptionUtil.analysisCause(e));
            logger.error("get context info failed:", e);
        }
        if (!verify.isSuccess()) {
            aPIResult.setState(verify.getState());
            aPIResult.setCause(verify.getCause());
            return aPIResult;
        }
        InnerContextUtil.createContextData(str4, getRequest().getHeader("X-Authorization-systemid"), str3, aPIResult, (String) verify.getData(), (String) verify.getVariable("mobile"), (String) verify.getVariable("email"));
        if (logger.isDebugEnabled()) {
            logger.debug("context is {}.", aPIResult);
        }
        return aPIResult;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v41, types: [java.util.Map] */
    @ApiOperation(value = "用户上下文信息", notes = "根据用户名查询用户上下文数据")
    public APIResult<Map<String, Object>> context(@RequestHeader(name = "X-Authorization-access_token", required = true) @ApiParam(name = "X-Authorization-access_token", value = "访问令牌", required = true) String str, @RequestHeader(name = "X-Authorization-tenantid", required = false) @ApiParam(name = "X-Authorization-tenantid", value = "租户ID", required = false) String str2) {
        String str3;
        String header;
        APIResult verify;
        HashMap hashMap;
        if (logger.isDebugEnabled()) {
            logger.debug("starting get context info.");
        }
        APIResult<Map<String, Object>> aPIResult = new APIResult<>();
        try {
            String str4 = (String) Optional.ofNullable(str2).orElse("-999");
            str3 = StringUtil.isBlank(str4) ? "-999" : str4;
            header = getRequest().getHeader("X-Authorization-systemid");
            if (str.contains(",")) {
                str = str.split(",")[0];
            }
            verify = this.tokenService.verify(str, false, false, str3);
        } catch (Exception e) {
            if (StateEnum.SUCCESS.getCode() == aPIResult.getState()) {
                aPIResult.setState(StateEnum.ILLEGAL_TOKEN.getCode());
            }
            aPIResult.setCause(ExceptionUtil.analysisCause(e));
            logger.error("get context info failed:", e);
        }
        if (!verify.isSuccess()) {
            aPIResult.setState(verify.getState());
            aPIResult.setCause(verify.getCause());
            return aPIResult;
        }
        if (LocalCaffeineCache.isLocalCacheEnabled("com.lc.context.user.enabled")) {
            Cache<String, Object> orCreateCaffeineCache = InnerContextUtil.getOrCreateCaffeineCache();
            hashMap = (Map) LocalCaffeineCache.get(orCreateCaffeineCache, StringUtil.build(new Object[]{verify.getData(), ".", str3}));
            if (hashMap == null) {
                hashMap = new HashMap();
                InnerContextUtil.fillData((String) verify.getData(), str3, header, hashMap);
                LocalCaffeineCache.put(orCreateCaffeineCache, StringUtil.build(new Object[]{verify.getData(), ".", str3}), hashMap);
                if (logger.isDebugEnabled()) {
                    logger.debug("Put local<{}> cache -> {}", "context.user", StringUtil.build(new Object[]{verify.getData(), ".", str3}));
                }
            }
        } else {
            hashMap = new HashMap();
            InnerContextUtil.fillData((String) verify.getData(), str3, header, hashMap);
        }
        aPIResult.setData(hashMap);
        if (logger.isDebugEnabled()) {
            logger.debug("context is {}.", aPIResult);
        }
        return aPIResult;
    }

    @ApiOperation(value = "清除用户token缓存", notes = "根据用户id清除用户token缓存")
    public APIResult<Map<String, Object>> cleanTokenCache(@RequestHeader(name = "X-Authorization-access_token", required = true) @ApiParam(name = "X-Authorization-access_token", value = "访问令牌", required = true) String str, @ApiParam(name = "userId", value = "用户id", required = true) @RequestBody(required = true) String str2) {
        APIResult verify;
        APIResult<Map<String, Object>> aPIResult = new APIResult<>();
        try {
            verify = this.tokenService.verify(str);
        } catch (Exception e) {
            if (StateEnum.SUCCESS.getCode() == aPIResult.getState()) {
                aPIResult.setState(StateEnum.ILLEGAL_TOKEN.getCode());
            }
            aPIResult.setCause(ExceptionUtil.analysisCause(e));
            logger.error("cleanAccessToken failed:", e);
        }
        if (verify.isSuccess()) {
            cleanCacheKeys(this.appConfig.getRedisKey(new String[]{"key", (TenantUtil.isTenantEnabled() ? SpiUserServiceUtil.load().get(str2, new OperatorParamter[0]) : this.partyUserRepository.get(str2)).getAccount()}));
            return aPIResult;
        }
        aPIResult.setState(verify.getState());
        aPIResult.setCause(verify.getCause());
        return aPIResult;
    }

    @ApiOperation(value = "清除用户缓存", notes = "根据用户id清除用户缓存")
    public APIResult<Map<String, Object>> cleanUserCache(@RequestHeader(name = "X-Authorization-access_token", required = true) @ApiParam(name = "X-Authorization-access_token", value = "访问令牌", required = true) String str, @ApiParam(name = "userId", value = "用户id", required = true) @RequestBody(required = true) String str2) {
        APIResult verify;
        APIResult<Map<String, Object>> aPIResult = new APIResult<>();
        try {
            verify = this.tokenService.verify(str);
        } catch (Exception e) {
            if (StateEnum.SUCCESS.getCode() == aPIResult.getState()) {
                aPIResult.setState(StateEnum.ILLEGAL_TOKEN.getCode());
            }
            aPIResult.setCause(ExceptionUtil.analysisCause(e));
            logger.error("cleanUserCache failed:", e);
        }
        if (!verify.isSuccess()) {
            aPIResult.setState(verify.getState());
            aPIResult.setCause(verify.getCause());
            return aPIResult;
        }
        RedisUtil.redisTemplateInteger.delete(this.appConfig.getRedisKey(new String[]{"login.retry", (String) verify.getData()}));
        this.partyUserRepository.evict(str2);
        this.partyEmployeeRepository.evict(str2);
        this.defaultPartyUserRepository.evict(str2);
        if (TenantUtil.isTenantEnabled()) {
            SpiUserService load = SpiUserServiceUtil.load();
            if (TenantContext.isTenantAdmin().booleanValue()) {
                load.cleanTenantAdminCache(str2);
            } else {
                load.cleanTenantCache(str2);
            }
        }
        return aPIResult;
    }

    @ApiOperation(value = "密码校验", notes = "密码校验")
    public APIResult<Boolean> validPass(@RequestHeader(name = "X-Authorization-access_token", required = true) @ApiParam(name = "X-Authorization-access_token", value = "访问令牌", required = true) String str, @ApiParam(name = "loginVo", value = "用户登陆请求对象", required = true) @RequestBody(required = true) LoginVo loginVo) {
        APIResult verify;
        PartyUserPo byAccount;
        APIResult<Boolean> aPIResult = new APIResult<>();
        try {
            verify = this.tokenService.verify(str);
        } catch (Exception e) {
            if (StateEnum.SUCCESS.getCode() == aPIResult.getState()) {
                aPIResult.setState(StateEnum.ILLEGAL_TOKEN.getCode());
            }
            aPIResult.setCause(ExceptionUtil.analysisCause(e));
            logger.error("cleanUserCache failed:", e);
        }
        if (!verify.isSuccess()) {
            aPIResult.setData(false);
            aPIResult.setState(verify.getState());
            aPIResult.setCause(verify.getCause());
            return aPIResult;
        }
        String username = loginVo.getUsername();
        String password = loginVo.getPassword();
        if (TenantUtil.isTenantEnabled()) {
            byAccount = InnerContextUtil.getByAccount(loginVo, false);
        } else {
            this.defaultPartyUserRepository.setSkipCache();
            byAccount = InnerContextUtil.getByAccount(username, false, OperatorParamter.Builder.create().add("clientKey", loginVo.getClientKey()).build());
            this.defaultPartyUserRepository.removeSkipCache();
        }
        if (BeanUtils.isEmpty(byAccount)) {
            if (RegDBConstants.REGISTER_ENABLED) {
                throw new UnknownAccountException(I18nUtil.getMessage("com.lc.ibps.cloud.oauth.server.provider.BaseProvider.login.ex.unknown.register.first"));
            }
            throw new UnknownAccountException(I18nUtil.getMessage("com.lc.ibps.cloud.oauth.server.provider.BaseProvider.login.ex.unknown"));
        }
        if (byAccount.getPassword().equals(this.userConfig.encrypt(password))) {
            aPIResult.setData(true);
        } else {
            aPIResult.setData(false);
        }
        return aPIResult;
    }

    @ApiOperation(value = "微信登陆", notes = "微信登录")
    public APIResult<String> loginByWechat(@RequestBody(required = true) LoginWechatVo loginWechatVo) {
        APIResult<String> aPIResult = new APIResult<>();
        String str = "";
        CloseableHttpResponse closeableHttpResponse = null;
        CloseableHttpClient createDefault = HttpClients.createDefault();
        try {
            try {
                String property = AppUtil.getProperty("wechat.gettoken");
                String str2 = "";
                ArrayList arrayList = new ArrayList();
                arrayList.add(new BasicNameValuePair("corpid", AppUtil.getProperty("wechat.corpid")));
                arrayList.add(new BasicNameValuePair("corpsecret", AppUtil.getProperty("wechat.corpsecret")));
                CloseableHttpResponse execute = createDefault.execute(new HttpGet(StringUtil.build(new Object[]{property, "?", EntityUtils.toString(new UrlEncodedFormEntity(arrayList, Consts.UTF_8))})));
                if (execute.getStatusLine().getStatusCode() == HttpStatus.OK.value()) {
                    Map map = JacksonUtil.toMap(EntityUtils.toString(execute.getEntity(), "utf-8"));
                    str2 = map.containsKey("access_token") ? map.get("access_token").toString() : "";
                }
                if (StringUtil.isEmpty(str2)) {
                    setExceptionResult(aPIResult, StateEnum.ILLEGAL_WECHAT_ERROT.getCode(), "获取access_token失败", new Exception("获取access_token失败"));
                    if (createDefault != null) {
                        try {
                            createDefault.close();
                        } catch (IOException e) {
                            throw new BaseException(StateEnum.ERROR_SYSTEM_CLOSE_OPERATION.getCode(), StateEnum.ERROR_SYSTEM_CLOSE_OPERATION.getText(), new Object[0]);
                        }
                    }
                    if (execute != null) {
                        execute.close();
                    }
                    return aPIResult;
                }
                CloseableHttpResponse execute2 = createDefault.execute(new HttpPost(String.format(AppUtil.getProperty("wechat.getuserinfo"), str2, loginWechatVo.getCode())));
                if (execute2.getStatusLine().getStatusCode() == HttpStatus.OK.value()) {
                    Map map2 = JacksonUtil.toMap(EntityUtils.toString(execute2.getEntity(), "utf-8"));
                    str = map2.containsKey("UserId") ? map2.get("UserId").toString() : "";
                }
                if (StringUtil.isEmpty(str)) {
                    setExceptionResult(aPIResult, StateEnum.ILLEGAL_WECHAT_ERROT.getCode(), "获取userId失败", new Exception("获取userId失败"));
                    if (createDefault != null) {
                        try {
                            createDefault.close();
                        } catch (IOException e2) {
                            throw new BaseException(StateEnum.ERROR_SYSTEM_CLOSE_OPERATION.getCode(), StateEnum.ERROR_SYSTEM_CLOSE_OPERATION.getText(), new Object[0]);
                        }
                    }
                    if (execute2 != null) {
                        execute2.close();
                    }
                    return aPIResult;
                }
                DefaultPartyUserPo byWcAccount = ((DefaultPartyUserRepository) AppUtil.getBean(DefaultPartyUserRepository.class)).getByWcAccount(str);
                if (!BeanUtils.isNotEmpty(byWcAccount)) {
                    LogUtils.saveLog(LogUtils.create().request(getRequest()).type("loginError").op("access").createor(StringUtil.build(new Object[]{"wechat-", str})).build());
                    APIResult<String> result = setResult(aPIResult, StateEnum.ERROR_EMPLOYEE.getCode(), I18nUtil.getMessage(StringUtil.build(new Object[]{"state.", Integer.valueOf(StateEnum.ERROR_EMPLOYEE.getCode())})), null);
                    if (createDefault != null) {
                        try {
                            createDefault.close();
                        } catch (IOException e3) {
                            throw new BaseException(StateEnum.ERROR_SYSTEM_CLOSE_OPERATION.getCode(), StateEnum.ERROR_SYSTEM_CLOSE_OPERATION.getText(), new Object[0]);
                        }
                    }
                    if (execute2 != null) {
                        execute2.close();
                    }
                    return result;
                }
                String uuid = uuid();
                aPIResult.setData(uuid);
                RedisUtil.redisTemplateString.opsForValue().set(this.appConfig.getRedisKey(new String[]{"login.state", uuid}), byWcAccount.getAccount(), this.tokenConfig.getAcexpires().intValue(), TimeUnit.SECONDS);
                getRequest().setAttribute("uid", byWcAccount.getUserId());
                getRequest().setAttribute("ufn", byWcAccount.getFullname());
                LogUtils.saveLog(LogUtils.create().request(getRequest()).type("login").op("access").createBy(byWcAccount.getUserId()).createor(byWcAccount.getFullname()).build());
                if (createDefault != null) {
                    try {
                        createDefault.close();
                    } catch (IOException e4) {
                        throw new BaseException(StateEnum.ERROR_SYSTEM_CLOSE_OPERATION.getCode(), StateEnum.ERROR_SYSTEM_CLOSE_OPERATION.getText(), new Object[0]);
                    }
                }
                if (execute2 != null) {
                    execute2.close();
                }
                return aPIResult;
            } catch (Throwable th) {
                if (createDefault != null) {
                    try {
                        createDefault.close();
                    } catch (IOException e5) {
                        throw new BaseException(StateEnum.ERROR_SYSTEM_CLOSE_OPERATION.getCode(), StateEnum.ERROR_SYSTEM_CLOSE_OPERATION.getText(), new Object[0]);
                    }
                }
                if (0 != 0) {
                    closeableHttpResponse.close();
                }
                throw th;
            }
        } catch (Exception e6) {
            setExceptionResult(aPIResult, StateEnum.ILLEGAL_WECHAT_ERROT.getCode(), StateEnum.ILLEGAL_WECHAT_ERROT.getText(), new Exception(I18nUtil.getMessage(StringUtil.build(new Object[]{"state.", Integer.valueOf(StateEnum.ILLEGAL_WECHAT_ERROT.getCode())}))));
            if (createDefault != null) {
                try {
                    createDefault.close();
                } catch (IOException e7) {
                    throw new BaseException(StateEnum.ERROR_SYSTEM_CLOSE_OPERATION.getCode(), StateEnum.ERROR_SYSTEM_CLOSE_OPERATION.getText(), new Object[0]);
                }
            }
            if (0 != 0) {
                closeableHttpResponse.close();
            }
            return aPIResult;
        }
    }

    @ApiOperation(value = "创建授权", notes = "创建授权request，生成授权界面，授权登录")
    public APIResult<Map<String, String>> getAuthorize(@RequestHeader(value = "Referer", required = true) @ApiParam(name = "Referer", value = "调用地址", required = true) String str, @RequestParam(name = "source", required = true) @ApiParam(name = "source", value = "第三方来源标识", required = true) String str2, @RequestParam(name = "url", required = true) @ApiParam(name = "url", value = "回调页面地址", required = true) String str3) {
        String build;
        APIResult<Map<String, String>> aPIResult = new APIResult<>();
        try {
            build = StringValidator.isIp(str) ? StringUtil.build(new Object[]{AppUtil.getProperty("justauth.redirect-uri"), str3}) : StringUtil.build(new Object[]{str.substring(0, str.length() - 1), str3});
        } catch (Exception e) {
            setExceptionResult(aPIResult, StateEnum.ILLEGAL_LOGIN.getCode(), StateEnum.ILLEGAL_LOGIN.getText(), e);
        }
        if (StringUtil.isBlank(build)) {
            throw new BaseException(StateEnum.ERROR_THIRD_PART_REDIRECT_URI_SETTING.getCode(), StateEnum.ERROR_THIRD_PART_REDIRECT_URI_SETTING.getText(), new Object[0]);
        }
        AuthRequest authRequest = getAuthRequest(str2, build);
        String createState = AuthStateUtils.createState();
        String authorize = authRequest.authorize(createState);
        HashMap hashMap = new HashMap();
        hashMap.put("state", createState);
        hashMap.put("authorizeUrl", authorize);
        aPIResult.setData(hashMap);
        return aPIResult;
    }

    @ApiOperation(value = "授权回调", notes = "授权回调")
    public APIResult<String> authorizeLogin(@RequestHeader(value = "Referer", required = true) @ApiParam(name = "Referer", value = "调用地址", required = true) String str, @ApiParam(name = "loginThirdPartyVo", value = "第三方登录请求对象", required = true) @RequestBody(required = true) LoginThirdPartyVo loginThirdPartyVo) {
        AuthCallback authCallback;
        String source;
        String build;
        APIResult<String> aPIResult = new APIResult<>();
        try {
            authCallback = new AuthCallback();
            source = loginThirdPartyVo.getSource();
            build = StringValidator.isIp(str) ? StringUtil.build(new Object[]{AppUtil.getProperty("justauth.redirect-uri"), "/", AppUtil.getProperty("justauth.redirect-uri-suffix")}) : StringUtil.build(new Object[]{str, AppUtil.getProperty("justauth.redirect-uri-suffix")});
        } catch (Exception e) {
            setExceptionResult(aPIResult, StateEnum.ILLEGAL_LOGIN.getCode(), StateEnum.ILLEGAL_LOGIN.getText(), e);
        }
        if (StringUtil.isBlank(build)) {
            throw new BaseException(StateEnum.ERROR_THIRD_PART_REDIRECT_URI_SETTING.getCode(), StateEnum.ERROR_THIRD_PART_REDIRECT_URI_SETTING.getText(), new Object[0]);
        }
        authCallback.setState(loginThirdPartyVo.getState());
        authCallback.setCode(loginThirdPartyVo.getCode());
        AuthResponse login = getAuthRequest(source, build).login(authCallback);
        if (BeanUtils.isEmpty(login)) {
            throw new BaseException(StateEnum.ERROR_THIRD_PART_AUTHORIZATION_RESPONSE.getCode(), StateEnum.ERROR_THIRD_PART_AUTHORIZATION_RESPONSE.getText(), new Object[0]);
        }
        Boolean valueOf = Boolean.valueOf(AppUtil.getProperty("thirdpart.open", "true"));
        Boolean valueOf2 = Boolean.valueOf(AppUtil.getProperty(StringUtil.build(new Object[]{"thirdpart.type.", source, ".value"}), "false"));
        if (!valueOf.booleanValue()) {
            throw new BaseException(StateEnum.ERROR_THIRD_PART_PARTICIPANT_ATTRIBUTE_SETTING_CLOSE.getCode(), StateEnum.ERROR_THIRD_PART_PARTICIPANT_ATTRIBUTE_SETTING_CLOSE.getText(), new Object[0]);
        }
        String property = AppUtil.getProperty(StringUtil.build(new Object[]{"justauth.type.", source, ".match-field"}));
        if (StringUtil.isBlank(property)) {
            throw new BaseException(StateEnum.ERROR_THIRD_PART_PLATFORM_MATCH_FIELD.getCode(), StateEnum.ERROR_THIRD_PART_PLATFORM_MATCH_FIELD.getText(), new Object[0]);
        }
        AuthUser authUser = (AuthUser) login.getData();
        String str2 = (String) authUser.getRawUserInfo().get(property);
        DefaultPartyUserRepository defaultPartyUserRepository = (DefaultPartyUserRepository) AppUtil.getBean(DefaultPartyUserRepository.class);
        DefaultPartyUserPo defaultPartyUserPo = null;
        if (StringUtil.isNotBlank(str2)) {
            if (valueOf2.booleanValue()) {
                PartyAttrPo byAttrKey = ((PartyAttrRepository) AppUtil.getBean(PartyAttrRepository.class)).getByAttrKey(AppUtil.getProperty(StringUtil.build(new Object[]{"thirdpart.type.", source, ".match-field"})));
                if (BeanUtils.isEmpty(byAttrKey)) {
                    throw new BaseException(StateEnum.ERROR_THIRD_PART_PARTICIPANT_ATTRIBUTE_NOT_EXIST.getCode(), StateEnum.ERROR_THIRD_PART_PARTICIPANT_ATTRIBUTE_NOT_EXIST.getText(), new Object[0]);
                }
                PartyAttrValuePo findByAttrKeyAndValue = ((PartyAttrValueRepository) AppUtil.getBean(PartyAttrValueRepository.class)).findByAttrKeyAndValue(byAttrKey.getId(), str2);
                if (BeanUtils.isNotEmpty(findByAttrKeyAndValue)) {
                    defaultPartyUserPo = (DefaultPartyUserPo) defaultPartyUserRepository.get(findByAttrKeyAndValue.getPartyID());
                } else {
                    str2 = "";
                }
            } else {
                if (source.equals("wechat_enterprise")) {
                    defaultPartyUserPo = defaultPartyUserRepository.getByWcAccount(str2);
                }
                if (BeanUtils.isEmpty(defaultPartyUserPo)) {
                    str2 = "";
                }
            }
        }
        if (StringUtil.isBlank(str2) && BeanUtils.isEmpty(defaultPartyUserPo)) {
            String mobile = authUser.getMobile();
            if (StringUtil.isBlank(mobile) && !source.equals("wechat_open")) {
                throw new BaseException(StateEnum.ERROR_THIRD_PART_MOBILE_NO_EXIST.getCode(), StateEnum.ERROR_THIRD_PART_MOBILE_NO_EXIST.getText(), new Object[0]);
            }
            defaultPartyUserPo = defaultPartyUserRepository.getByMobile(mobile);
        }
        if (BeanUtils.isEmpty(defaultPartyUserPo)) {
            throw new BaseException(StateEnum.ERROR_THIRD_PART_USER_OR_PLATFORM_NO_EXIT.getCode(), StateEnum.ERROR_THIRD_PART_USER_OR_PLATFORM_NO_EXIT.getText(), new Object[0]);
        }
        if (!BeanUtils.isNotEmpty(defaultPartyUserPo)) {
            LogUtils.saveLog(LogUtils.create().request(getRequest()).type("loginError").op("access").createor(StringUtil.build(new Object[]{"wechat-", defaultPartyUserPo.getUserId()})).build());
            return setResult(aPIResult, StateEnum.ERROR_EMPLOYEE.getCode(), I18nUtil.getMessage(StringUtil.build(new Object[]{"state.", Integer.valueOf(StateEnum.ERROR_EMPLOYEE.getCode())})), null);
        }
        String uuid = uuid();
        aPIResult.setData(uuid);
        RedisUtil.redisTemplateString.opsForValue().set(this.appConfig.getRedisKey(new String[]{"login.state", uuid}), defaultPartyUserPo.getAccount(), this.tokenConfig.getAcexpires().intValue(), TimeUnit.SECONDS);
        getRequest().setAttribute("uid", defaultPartyUserPo.getUserId());
        getRequest().setAttribute("ufn", defaultPartyUserPo.getFullname());
        LogUtils.saveLog(LogUtils.create().request(getRequest()).type("login").op("access").createBy(defaultPartyUserPo.getUserId()).createor(defaultPartyUserPo.getFullname()).build());
        return aPIResult;
    }

    @ApiOperation(value = "第三方平台获取用户详细信息", notes = "第三方平台获取用户详细信息")
    public APIResult<Map<String, String>> getUserInfo(@RequestHeader(name = "X-Authorization-access_token", required = true) @ApiParam(name = "X-Authorization-access_token", value = "访问令牌", required = true) String str, @RequestParam(name = "code", required = true) @ApiParam(name = "code", value = "凭证", required = true) String str2) {
        APIResult<Map<String, String>> aPIResult = new APIResult<>();
        HashMap hashMap = new HashMap();
        if (!RedisUtil.redisTemplate.opsForHash().get(this.appConfig.getRedisKey(new String[]{"access.token", str}), "check.code").toString().equalsIgnoreCase(str2)) {
            throw new BaseException(StateEnum.ILLEGAL_AUTH_AUTHORIZATION_PARAMETER_ERROR.getCode(), StateEnum.ILLEGAL_AUTH_AUTHORIZATION_PARAMETER_ERROR.getText(), new Object[0]);
        }
        PartyEmployeePo partyEmployeePo = (PartyEmployeePo) ((Map) context(str, null).getData()).get("employee");
        if (BeanUtils.isEmpty(partyEmployeePo)) {
            throw new BaseException(StateEnum.ILLEGAL_ACCOUNT_NOT_EXIST.getCode(), StateEnum.ILLEGAL_ACCOUNT_NOT_EXIST.getText(), new Object[0]);
        }
        hashMap.put("account", partyEmployeePo.getAccount());
        hashMap.put("mobile", partyEmployeePo.getMobile());
        hashMap.put("email", partyEmployeePo.getEmail());
        hashMap.put("name", partyEmployeePo.getName());
        hashMap.put("gender", partyEmployeePo.getGender());
        hashMap.put("tenantId", partyEmployeePo.getTenantId());
        aPIResult.setData(hashMap);
        return aPIResult;
    }

    private AuthRequest getAuthRequest(String str, String str2) {
        IBPSAuthDingTalkRequest iBPSAuthDingTalkRequest = null;
        String property = AppUtil.getProperty(StringUtil.build(new Object[]{"justauth.type.", str, ".app-id"}));
        String property2 = AppUtil.getProperty(StringUtil.build(new Object[]{"justauth.type.", str, ".app-secret"}));
        String property3 = AppUtil.getProperty(StringUtil.build(new Object[]{"justauth.type.", str, ".client-id"}));
        String property4 = AppUtil.getProperty(StringUtil.build(new Object[]{"justauth.type.", str, ".client-secret"}));
        String property5 = AppUtil.getProperty(StringUtil.build(new Object[]{"justauth.type.", str, ".agent-id"}));
        String lowerCase = str.toLowerCase();
        boolean z = -1;
        switch (lowerCase.hashCode()) {
            case -325015014:
                if (lowerCase.equals("wechat_enterprise")) {
                    z = true;
                    break;
                }
                break;
            case -136881213:
                if (lowerCase.equals("wechat_open")) {
                    z = 3;
                    break;
                }
                break;
            case 3616:
                if (lowerCase.equals("qq")) {
                    z = 2;
                    break;
                }
                break;
            case 133862058:
                if (lowerCase.equals("dingtalk")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                iBPSAuthDingTalkRequest = new IBPSAuthDingTalkRequest(AuthConfig.builder().appId(property).appSecret(property2).clientId(property3).clientSecret(property4).redirectUri(str2).build());
                break;
            case true:
                iBPSAuthDingTalkRequest = new AuthWeChatEnterpriseQrcodeRequest(AuthConfig.builder().clientId(property3).clientSecret(property4).redirectUri(str2).agentId(property5).build());
                break;
            case true:
                iBPSAuthDingTalkRequest = new AuthQqRequest(AuthConfig.builder().clientId(property3).clientSecret(property4).redirectUri(str2).build());
                break;
            case AliyunMessageUtil.expired /* 3 */:
                iBPSAuthDingTalkRequest = new AuthWeChatOpenRequest(AuthConfig.builder().clientId(property3).clientSecret(property4).redirectUri(str2).build());
                break;
        }
        if (null == iBPSAuthDingTalkRequest) {
            throw new AuthException("未获取到有效的Auth配置");
        }
        return iBPSAuthDingTalkRequest;
    }
}
