package org.apereo.cas.pm.web;

import com.fasterxml.jackson.databind.ObjectMapper;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.Parameter;
import jakarta.servlet.http.HttpServletRequest;
import java.net.URL;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Optional;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.CasViewConstants;
import org.apereo.cas.audit.AuditableContext;
import org.apereo.cas.audit.AuditableExecution;
import org.apereo.cas.authentication.AuthenticationSystemSupport;
import org.apereo.cas.authentication.credential.BasicIdentifiableCredential;
import org.apereo.cas.authentication.principal.NullPrincipal;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.PrincipalResolver;
import org.apereo.cas.authentication.principal.ServiceFactory;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.email.EmailProperties;
import org.apereo.cas.configuration.model.support.sms.SmsProperties;
import org.apereo.cas.configuration.support.Beans;
import org.apereo.cas.notifications.CommunicationsManager;
import org.apereo.cas.notifications.mail.EmailCommunicationResult;
import org.apereo.cas.notifications.mail.EmailMessageBodyBuilder;
import org.apereo.cas.notifications.mail.EmailMessageRequest;
import org.apereo.cas.notifications.sms.SmsBodyBuilder;
import org.apereo.cas.notifications.sms.SmsRequest;
import org.apereo.cas.pm.PasswordManagementQuery;
import org.apereo.cas.pm.PasswordManagementService;
import org.apereo.cas.pm.PasswordResetUrlBuilder;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.serialization.JacksonObjectMapperFactory;
import org.apereo.cas.web.BaseCasRestActuatorEndpoint;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.boot.actuate.endpoint.Access;
import org.springframework.boot.actuate.endpoint.annotation.Endpoint;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.servlet.support.RequestContextUtils;

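/**
 * Actuator endpoint (id {@code passwordManagement}) that starts a password reset for a
 * given username and delivers the reset link by email or SMS.
 *
 * <p>The endpoint is declared with {@code defaultAccess = Access.NONE}, so it is not
 * reachable unless access is granted explicitly. Keep it restricted to administrators:
 * a caller can trigger reset notifications for any username, and the responses
 * distinguish accounts that have a registered email/phone from those that do not.
 */
@Endpoint(id = "passwordManagement", defaultAccess = Access.NONE)
/* loaded from: input_file:WEB-INF/lib/cas-server-support-pm-webflow-7.2.0-RC4.jar:org/apereo/cas/pm/web/PasswordManagementEndpoint.class */
public class PasswordManagementEndpoint extends BaseCasRestActuatorEndpoint {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(PasswordManagementEndpoint.class);

    // NOTE(review): built with defaultTypingEnabled(true); presumably this turns on Jackson
    // polymorphic default typing. Such a mapper must never deserialize untrusted input.
    // It is not referenced anywhere in this class; confirm how subclasses use it.
    protected static final ObjectMapper MAPPER = JacksonObjectMapperFactory.builder().defaultTypingEnabled(true).build().toObjectMapper();

    protected final ObjectProvider<CommunicationsManager> communicationsManager;
    protected final ObjectProvider<PasswordManagementService> passwordManagementService;
    protected final ObjectProvider<PasswordResetUrlBuilder> passwordResetUrlBuilder;
    protected final ObjectProvider<ServiceFactory<WebApplicationService>> serviceFactory;
    protected final ObjectProvider<ServicesManager> servicesManager;
    protected final ObjectProvider<PrincipalResolver> principalResolver;
    protected final ObjectProvider<AuthenticationSystemSupport> authenticationSystemSupport;
    private final ObjectProvider<AuditableExecution> registeredServiceAccessStrategyEnforcer;

    /**
     * Stores the lazily resolved collaborators; each one is looked up through its
     * {@link ObjectProvider} only when a request needs it.
     *
     * @param casConfigurationProperties CAS settings, passed to the parent endpoint
     * @param configurableApplicationContext application context, passed to the parent endpoint
     * @param objectProvider provider of the {@link CommunicationsManager} used for email and SMS
     * @param objectProvider2 provider of the {@link PasswordManagementService}
     * @param objectProvider3 provider of the {@link PasswordResetUrlBuilder}
     * @param objectProvider4 provider of the service factory that parses the {@code service} parameter
     * @param objectProvider5 provider of the {@link ServicesManager}
     * @param objectProvider6 provider of the {@link PrincipalResolver}
     * @param objectProvider7 provider of the {@link AuthenticationSystemSupport}
     * @param objectProvider8 provider of the registered-service access strategy enforcer
     */
    public PasswordManagementEndpoint(CasConfigurationProperties casConfigurationProperties, ConfigurableApplicationContext configurableApplicationContext, ObjectProvider<CommunicationsManager> objectProvider, ObjectProvider<PasswordManagementService> objectProvider2, ObjectProvider<PasswordResetUrlBuilder> objectProvider3, ObjectProvider<ServiceFactory<WebApplicationService>> objectProvider4, ObjectProvider<ServicesManager> objectProvider5, ObjectProvider<PrincipalResolver> objectProvider6, ObjectProvider<AuthenticationSystemSupport> objectProvider7, ObjectProvider<AuditableExecution> objectProvider8) {
        super(casConfigurationProperties, configurableApplicationContext);
        this.communicationsManager = objectProvider;
        this.passwordManagementService = objectProvider2;
        this.passwordResetUrlBuilder = objectProvider3;
        this.serviceFactory = objectProvider4;
        this.servicesManager = objectProvider5;
        this.principalResolver = objectProvider6;
        this.authenticationSystemSupport = objectProvider7;
        this.registeredServiceAccessStrategyEnforcer = objectProvider8;
    }

    /**
     * Starts a password reset for the given account and sends the reset link to it.
     *
     * <p>Email is tried first when the account has an email address; SMS is the fallback.
     *
     * @param str the username whose password is to be reset (path variable {@code username})
     * @param str2 the service requesting the reset (request parameter {@code service})
     * @param httpServletRequest the current request, used for the access check and locale lookup
     * @return 200 when a notification was sent; 422 when the account has neither email nor
     *     phone, or when no notification could be delivered
     * @throws Throwable when a collaborator fails, including the access strategy check
     */
    @PostMapping(path = {"/reset/{username}"}, produces = {"application/json"})
    @Operation(summary = "Initiate a password reset operation and notify the user", parameters = {@Parameter(name = "username", description = "The username to reset the password for"), @Parameter(name = "service", description = "The service requesting the password reset")})
    public ResponseEntity passwordReset(@PathVariable("username") String str, @RequestParam("service") String str2, HttpServletRequest httpServletRequest) throws Throwable {
        PasswordManagementQuery query = PasswordManagementQuery.builder().username(str).build();
        String email = this.passwordManagementService.getObject().findEmail(query);
        String phone = this.passwordManagementService.getObject().findPhone(query);
        if (StringUtils.isBlank(email) && StringUtils.isBlank(phone)) {
            String message = "No recipient is provided with a valid email/phone for %s".formatted(str);
            LOGGER.warn(message);
            return ResponseEntity.unprocessableEntity().body(message);
        }

        WebApplicationService service = this.serviceFactory.getObject().createService(str2);
        // NOTE(review): the lookup result is handed to the enforcer unchecked; presumably the
        // enforcer rejects a service that is not registered (null). Confirm.
        RegisteredService registeredService = this.servicesManager.getObject().findServiceBy(service);
        Principal principal = resolvedPrincipal(str);
        this.registeredServiceAccessStrategyEnforcer.getObject()
            .execute(AuditableContext.builder()
                .registeredService(registeredService)
                .service(service)
                .principal(principal)
                .httpRequest(httpServletRequest)
                .build())
            .throwExceptionIfNeeded();

        URL resetUrl = this.passwordResetUrlBuilder.getObject().build(str, service);
        // The reset link is a short-lived credential for the account, so it is kept out of the logs.
        LOGGER.debug("Generated password reset URL for [{}]; Link is only active for the next [{}] minute(s)", str, Beans.newDuration(this.casProperties.getAuthn().getPm().getReset().getExpiration()));

        // Skip email when the account has none: List.of(null) would throw for phone-only accounts.
        boolean emailed = StringUtils.isNotBlank(email)
            && sendPasswordResetEmailToAccount(principal, email, resetUrl, httpServletRequest).isSuccess();
        boolean notified = emailed || sendPasswordResetSmsToAccount(phone, resetUrl);
        if (notified) {
            return ResponseEntity.ok().build();
        }
        return ResponseEntity.unprocessableEntity().body("Failed to send password reset instructions to %s".formatted(str));
    }

    /**
     * Sends the reset link by SMS using the configured reset SMS settings.
     *
     * @param str the recipient phone number; a blank value means nothing is sent
     * @param url the password reset link
     * @return {@code false} when the phone number is blank, otherwise the result reported by
     *     the communications manager
     * @throws Throwable when building or sending the message fails
     */
    protected boolean sendPasswordResetSmsToAccount(String str, URL url) throws Throwable {
        if (StringUtils.isBlank(str)) {
            return false;
        }
        // The link itself is not logged; see passwordReset.
        LOGGER.debug("Sending password reset URL via SMS to [{}]", str);
        SmsProperties sms = this.casProperties.getAuthn().getPm().getReset().getSms();
        String text = SmsBodyBuilder.builder()
            .properties(sms)
            .parameters(Map.of("url", url.toExternalForm()))
            .build()
            .get();
        return this.communicationsManager.getObject().sms(SmsRequest.builder().from(sms.getFrom()).to(List.of(str)).text(text).build());
    }

    /**
     * Resolves the principal for a username, creating a plain principal from the username
     * when the resolver returns a {@link NullPrincipal}.
     *
     * @param str the username
     * @return the resolved or newly created principal
     * @throws Throwable when resolution or principal creation fails
     */
    protected Principal resolvedPrincipal(String str) throws Throwable {
        Principal resolved = this.principalResolver.getObject().resolve(new BasicIdentifiableCredential(str));
        if (resolved instanceof NullPrincipal) {
            return this.authenticationSystemSupport.getObject().getPrincipalFactory().createPrincipal(str);
        }
        return resolved;
    }

    /**
     * Sends the reset link by email using the configured reset mail settings.
     *
     * <p>The body is built with the request's resolved locale when a locale resolver is
     * available; the message locale falls back to {@link Locale#getDefault()}.
     *
     * @param principal the account the message is about
     * @param str the recipient address; must not be {@code null}, and callers should pass a
     *     non-blank value because no check is made here
     * @param url the password reset link
     * @param httpServletRequest the current request, used to resolve the locale
     * @return the result reported by the communications manager
     */
    protected EmailCommunicationResult sendPasswordResetEmailToAccount(Principal principal, String str, URL url, HttpServletRequest httpServletRequest) {
        EmailProperties mail = this.casProperties.getAuthn().getPm().getReset().getMail();
        // Raw Map kept as in the original listing.
        Map parameters = CollectionUtils.wrap("url", url.toExternalForm(), CasViewConstants.MODEL_ATTRIBUTE_NAME_PRINCIPAL, principal);
        Optional<Locale> locale = Optional.ofNullable(RequestContextUtils.getLocaleResolver(httpServletRequest))
            .map(localeResolver -> localeResolver.resolveLocale(httpServletRequest));
        String body = EmailMessageBodyBuilder.builder().properties(mail).parameters(parameters).locale(locale).build().get();
        // The link itself is not logged; see passwordReset.
        LOGGER.debug("Sending password reset URL via email to [{}] for username [{}]", str, principal.getId());
        return this.communicationsManager.getObject().email(EmailMessageRequest.builder().emailProperties(mail).principal(principal).to(List.of(str)).locale(locale.orElseGet(Locale::getDefault)).body(body).build());
    }
}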
