package org.cloudfoundry.identity.uaa.scim.endpoints;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import org.cloudfoundry.identity.uaa.error.ConvertingExceptionView;
import org.cloudfoundry.identity.uaa.error.ExceptionReport;
import org.cloudfoundry.identity.uaa.login.ConflictException;
import org.cloudfoundry.identity.uaa.login.ForgotPasswordInfo;
import org.cloudfoundry.identity.uaa.login.NotFoundException;
import org.cloudfoundry.identity.uaa.login.ResetPasswordService;
import org.cloudfoundry.identity.uaa.oauth.Claims;
import org.cloudfoundry.identity.uaa.scim.ScimUser;
import org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException;
import org.cloudfoundry.identity.uaa.scim.exception.ScimException;
import org.cloudfoundry.identity.uaa.scim.exception.ScimResourceNotFoundException;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.servlet.View;

@Controller
/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-scim-2.4.0.jar:org/cloudfoundry/identity/uaa/scim/endpoints/PasswordResetEndpoint.class */
public class PasswordResetEndpoint {
    private final ResetPasswordService resetPasswordService;
    private HttpMessageConverter<?>[] messageConverters = (HttpMessageConverter[]) new RestTemplate().getMessageConverters().toArray(new HttpMessageConverter[0]);

    public PasswordResetEndpoint(ResetPasswordService resetPasswordService) {
        this.resetPasswordService = resetPasswordService;
    }

    public void setMessageConverters(HttpMessageConverter<?>[] httpMessageConverterArr) {
        this.messageConverters = httpMessageConverterArr;
    }

    @RequestMapping(value = {"/password_resets"}, method = {RequestMethod.POST})
    public ResponseEntity<Map<String, String>> resetPassword(@RequestBody String str) throws IOException {
        HashMap hashMap = new HashMap();
        try {
            ForgotPasswordInfo forgotPassword = this.resetPasswordService.forgotPassword(str);
            hashMap.put("code", forgotPassword.getResetPasswordCode().getCode());
            hashMap.put(Claims.USER_ID, forgotPassword.getUserId());
            return new ResponseEntity<>(hashMap, HttpStatus.CREATED);
        } catch (ConflictException e) {
            hashMap.put(Claims.USER_ID, e.getUserId());
            return new ResponseEntity<>(hashMap, HttpStatus.CONFLICT);
        } catch (NotFoundException e2) {
            return new ResponseEntity<>(HttpStatus.NOT_FOUND);
        }
    }

    @RequestMapping(value = {"/password_change"}, method = {RequestMethod.POST})
    public ResponseEntity<Map<String, String>> changePassword(@RequestBody PasswordReset passwordReset) {
        return passwordReset.getCode() != null ? resetPassword(passwordReset.getCode(), passwordReset.getNewPassword()) : new ResponseEntity<>(HttpStatus.BAD_REQUEST);
    }

    private ResponseEntity<Map<String, String>> resetPassword(String str, String str2) {
        try {
            ScimUser resetPassword = this.resetPasswordService.resetPassword(str, str2);
            HashMap hashMap = new HashMap();
            hashMap.put(Claims.USER_ID, resetPassword.getId());
            hashMap.put("username", resetPassword.getUserName());
            hashMap.put("email", resetPassword.getPrimaryEmail());
            return new ResponseEntity<>(hashMap, HttpStatus.OK);
        } catch (InvalidPasswordException e) {
            throw e;
        } catch (ScimResourceNotFoundException e2) {
            return new ResponseEntity<>(HttpStatus.NOT_FOUND);
        } catch (BadCredentialsException e3) {
            return new ResponseEntity<>(HttpStatus.UNAUTHORIZED);
        } catch (Exception e4) {
            return new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR);
        }
    }

    @ExceptionHandler({InvalidPasswordException.class})
    public View handleException(InvalidPasswordException invalidPasswordException) throws ScimException {
        return new ConvertingExceptionView(new ResponseEntity(new ExceptionReport(invalidPasswordException, false), HttpStatus.UNPROCESSABLE_ENTITY), this.messageConverters);
    }
}
