package org.cloudfoundry.identity.uaa.login;

import java.io.IOException;
import java.util.Map;
import javax.servlet.http.HttpServletResponse;
import javax.validation.Valid;
import org.cloudfoundry.identity.uaa.authentication.Origin;
import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal;
import org.cloudfoundry.identity.uaa.error.UaaException;
import org.cloudfoundry.identity.uaa.login.ExpiringCodeService;
import org.cloudfoundry.identity.uaa.oauth.Claims;
import org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException;
import org.cloudfoundry.identity.uaa.scim.validate.PasswordValidator;
import org.cloudfoundry.identity.uaa.user.UaaAuthority;
import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
import org.hibernate.validator.constraints.Email;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.validation.BindingResult;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;

@RequestMapping({"/invitations"})
@Controller
/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-login-2.4.0.jar:org/cloudfoundry/identity/uaa/login/InvitationsController.class */
public class InvitationsController {
    private InvitationsService invitationsService;

    @Autowired
    @Qualifier("uaaPasswordValidator")
    private PasswordValidator passwordValidator;

    @Autowired
    private ExpiringCodeService expiringCodeService;

    /* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-login-2.4.0.jar:org/cloudfoundry/identity/uaa/login/InvitationsController$ValidEmail.class */
    public static class ValidEmail {

        @Email
        String email;

        public String getEmail() {
            return this.email;
        }

        public void setEmail(String str) {
            this.email = str;
        }
    }

    public InvitationsController(InvitationsService invitationsService) {
        this.invitationsService = invitationsService;
    }

    @RequestMapping(value = {"/new"}, method = {RequestMethod.GET})
    public String newInvitePage(Model model) {
        return "invitations/new_invite";
    }

    @RequestMapping(value = {"/new.do"}, method = {RequestMethod.POST}, params = {"email"})
    public String sendInvitationEmail(@Valid @ModelAttribute("email") ValidEmail validEmail, BindingResult bindingResult, Model model, HttpServletResponse httpServletResponse) {
        if (bindingResult.hasErrors()) {
            return handleUnprocessableEntity(model, httpServletResponse, "error_message_code", "invalid_email", "invitations/new_invite");
        }
        try {
            this.invitationsService.inviteUser(validEmail.getEmail(), ((UaaPrincipal) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getName());
            return "redirect:sent";
        } catch (UaaException e) {
            return handleUnprocessableEntity(model, httpServletResponse, "error_message_code", "existing_user", "invitations/new_invite");
        }
    }

    @RequestMapping(value = {"sent"}, method = {RequestMethod.GET})
    public String inviteSentPage(Model model) {
        return "invitations/invite_sent";
    }

    @RequestMapping(value = {"/accept"}, method = {RequestMethod.GET}, params = {"code"})
    public String acceptInvitePage(@RequestParam String str, Model model, HttpServletResponse httpServletResponse) throws IOException {
        try {
            Map<String, String> verifyCode = this.expiringCodeService.verifyCode(str);
            SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken(new UaaPrincipal(verifyCode.get(Claims.USER_ID), verifyCode.get("email"), verifyCode.get("email"), Origin.UAA, null, IdentityZoneHolder.get().getId()), null, UaaAuthority.USER_AUTHORITIES));
            model.addAllAttributes(verifyCode);
            return "invitations/accept_invite";
        } catch (ExpiringCodeService.CodeNotFoundException e) {
            return handleUnprocessableEntity(model, httpServletResponse, "error_message_code", "code_expired", "invitations/accept_invite");
        }
    }

    @RequestMapping(value = {"/accept.do"}, method = {RequestMethod.POST})
    public String acceptInvitation(@RequestParam("password") String str, @RequestParam("password_confirmation") String str2, @RequestParam("client_id") String str3, Model model, HttpServletResponse httpServletResponse) throws IOException {
        PasswordConfirmationValidation passwordConfirmationValidation = new PasswordConfirmationValidation(str, str2);
        UaaPrincipal uaaPrincipal = (UaaPrincipal) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
        if (!passwordConfirmationValidation.valid()) {
            model.addAttribute("email", uaaPrincipal.getEmail());
            return handleUnprocessableEntity(model, httpServletResponse, "error_message_code", passwordConfirmationValidation.getMessageCode(), "invitations/accept_invite");
        }
        try {
            this.passwordValidator.validate(str);
            String acceptInvitation = this.invitationsService.acceptInvitation(uaaPrincipal.getId(), uaaPrincipal.getEmail(), str, str3);
            return acceptInvitation != null ? "redirect:" + acceptInvitation : "redirect:/home";
        } catch (InvalidPasswordException e) {
            model.addAttribute("email", uaaPrincipal.getEmail());
            return handleUnprocessableEntity(model, httpServletResponse, "error_message", e.getMessagesAsOneString(), "invitations/accept_invite");
        }
    }

    private String handleUnprocessableEntity(Model model, HttpServletResponse httpServletResponse, String str, String str2, String str3) {
        model.addAttribute(str, str2);
        httpServletResponse.setStatus(HttpStatus.UNPROCESSABLE_ENTITY.value());
        return str3;
    }
}
