package com.atlassian.jira.rest.v2.admin;

import com.atlassian.annotations.security.LicensedOnly;
import com.atlassian.event.api.EventPublisher;
import com.atlassian.jira.permission.GlobalPermissionKey;
import com.atlassian.jira.rest.api.http.CacheControl;
import com.atlassian.jira.security.GlobalPermissionManager;
import com.atlassian.jira.security.JiraAuthenticationContext;
import com.atlassian.jira.user.ApplicationUser;
import com.atlassian.jira.user.util.UserManager;
import com.atlassian.jira.web.session.cluster.SessionInvalidationReplicatedEvent;
import com.atlassian.jira.web.session.currentusers.UserSessionInvalidatedEvent;
import com.atlassian.sal.api.websudo.WebSudoRequired;
import io.atlassian.fugue.Either;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.Parameter;
import io.swagger.v3.oas.annotations.enums.ParameterIn;
import io.swagger.v3.oas.annotations.responses.ApiResponse;
import io.swagger.v3.oas.annotations.responses.ApiResponses;
import io.swagger.v3.oas.annotations.security.SecurityRequirement;
import javax.inject.Inject;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Response;

/**
 * Administrative REST resource, mounted at {@code user/session}, that invalidates the
 * session of a named user.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Authorization is decided in {@link #prechecks(String)}. The {@code @WebSudoRequired}
 *       and {@code @LicensedOnly} annotations are enforced by the surrounding framework,
 *       which is not visible in this class.</li>
 *   <li>The target user is looked up only after the caller has passed the authentication
 *       and permission checks, so a {@code 404} is returned to administrators only.</li>
 *   <li>NOTE(review): either {@code ADMINISTER} or {@code SYSTEM_ADMIN} is sufficient, and
 *       the target user's own permissions are never consulted here. Confirm that an
 *       administrator ending a system administrator's session is intended.</li>
 *   <li>NOTE(review): this class writes no audit record itself. Whether a listener of the
 *       published events records the acting administrator is not visible here.</li>
 * </ul>
 */
@Path("user/session")
@Consumes({"application/json"})
@Produces({"application/json"})
@LicensedOnly
/* loaded from: input_file:com/atlassian/jira/rest/v2/admin/UserSessionResource.class */
public class UserSessionResource {
    private final EventPublisher eventPublisher;
    private final UserManager userManager;
    private final JiraAuthenticationContext authContext;
    private final GlobalPermissionManager permissionManager;

    /**
     * Creates the resource with its injected collaborators.
     *
     * @param eventPublisher publisher used to broadcast the session-invalidation events
     * @param userManager used to resolve the target username to a user
     * @param jiraAuthenticationContext source of the currently logged-in caller
     * @param globalPermissionManager used to check the caller's global permissions
     */
    @Inject
    public UserSessionResource(EventPublisher eventPublisher, UserManager userManager, JiraAuthenticationContext jiraAuthenticationContext, GlobalPermissionManager globalPermissionManager) {
        this.permissionManager = globalPermissionManager;
        this.authContext = jiraAuthenticationContext;
        this.userManager = userManager;
        this.eventPublisher = eventPublisher;
    }

    /**
     * Invalidates the session of the user named in the path.
     *
     * <p>Events are published only when every precheck passes. Otherwise the status chosen
     * by {@link #prechecks(String)} is returned and nothing is published. The response is
     * always marked as non-cacheable.
     *
     * @param str the username taken from the request path
     * @return {@code 200} on success, otherwise {@code 401}, {@code 403} or {@code 404}
     */
    @Path("{username}")
    @DELETE
    @Operation(
            summary = "Delete user session",
            description = "Invalidates session of given user.",
            security = {@SecurityRequirement(name = "basic")})
    @WebSudoRequired
    @Parameter(name = "username", description = "a String containing username.", in = ParameterIn.PATH, required = true)
    @ApiResponses({
            @ApiResponse(description = "Returned when the session is invalidated successfully.", responseCode = "200"),
            @ApiResponse(description = "Returned if the user is not logged.", responseCode = "401"),
            @ApiResponse(description = "Returned if the user does not have admin permission.", responseCode = "403"),
            @ApiResponse(description = "Returned if the username does not exist.", responseCode = "404")})
    public Response deleteSession(@PathParam("username") String str) {
        final Either<Response.Status, ApplicationUser> outcome = prechecks(str);

        // Right side means "authorized and target found": only then are events sent.
        outcome.forEach(this::publishInvalidation);

        final Response.Status httpStatus = outcome.fold(rejection -> rejection, target -> Response.Status.OK);
        return Response.status(httpStatus).cacheControl(CacheControl.never()).build();
    }

    /**
     * Publishes the two events that signal the invalidation of {@code target}'s session.
     *
     * <p>The username sent in the replicated event is read from the resolved user object,
     * not from the raw path parameter. The second event is constructed without arguments,
     * so as built here it identifies neither the target nor the acting administrator.
     */
    private void publishInvalidation(ApplicationUser target) {
        final String resolvedName = target.getUsername();
        this.eventPublisher.publish(new SessionInvalidationReplicatedEvent(resolvedName));
        this.eventPublisher.publish(new UserSessionInvalidatedEvent());
    }

    /**
     * Runs the authentication, authorization and existence checks in that order.
     *
     * @param str the username whose session should be invalidated
     * @return the resolved target user on the right, or on the left the HTTP status
     *     explaining why the request was rejected
     */
    private Either<Response.Status, ApplicationUser> prechecks(String str) {
        final ApplicationUser caller = this.authContext.getLoggedInUser();
        if (caller == null) {
            return Either.left(Response.Status.UNAUTHORIZED);
        }

        // Short-circuits: SYSTEM_ADMIN is consulted only when ADMINISTER is not held.
        final boolean callerIsAdmin =
                this.permissionManager.hasPermission(GlobalPermissionKey.ADMINISTER, caller)
                        || this.permissionManager.hasPermission(GlobalPermissionKey.SYSTEM_ADMIN, caller);
        if (!callerIsAdmin) {
            return Either.left(Response.Status.FORBIDDEN);
        }

        // The lookup runs last so that only an authorized administrator can learn
        // whether a username exists.
        final ApplicationUser target = this.userManager.getUserByName(str);
        if (target == null) {
            return Either.left(Response.Status.NOT_FOUND);
        }
        return Either.right(target);
    }
}
