package org.cloudfoundry.identity.uaa.account;

import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.validation.Valid;
import org.cloudfoundry.identity.uaa.authentication.UaaAuthentication;
import org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationDetails;
import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal;
import org.cloudfoundry.identity.uaa.constants.OriginKeys;
import org.cloudfoundry.identity.uaa.error.UaaException;
import org.cloudfoundry.identity.uaa.user.UaaUser;
import org.cloudfoundry.identity.uaa.user.UaaUserDatabase;
import org.hibernate.validator.constraints.Email;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.oauth2.common.util.OAuth2Utils;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.validation.BindingResult;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.servlet.mvc.support.RedirectAttributes;

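@Controller
/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-4.10.1.jar:org/cloudfoundry/identity/uaa/account/ChangeEmailController.class */
/**
 * MVC controller for the self-service "change e-mail address" flow: it renders the form,
 * starts the change for the logged-in user, and completes it when the verification link
 * is opened.
 */
public class ChangeEmailController {
    /** View name of the change-email form. */
    private static final String CHANGE_EMAIL_VIEW = "change_email";

    /** Redirect issued once a change request has been accepted (and for non-conflict failures). */
    private static final String EMAIL_SENT_REDIRECT = "redirect:email_sent?code=email_change";

    private final ChangeEmailService changeEmailService;

    // Supplied through setUaaUserDatabase; verifyEmail dereferences it without a null check.
    private UaaUserDatabase uaaUserDatabase;

    /* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-4.10.1.jar:org/cloudfoundry/identity/uaa/account/ChangeEmailController$ValidEmail.class */
    /**
     * Form-backing bean for the change-email POST.
     */
    public static class ValidEmail {

        // @Email accepts null and empty values, so on its own it does not make the
        // field mandatory; changeEmail rejects a missing or blank address explicitly.
        @Email
        String newEmail;

        public String getNewEmail() {
            return this.newEmail;
        }

        public void setNewEmail(String str) {
            this.newEmail = str;
        }
    }

    /**
     * Sets the user database that {@link #verifyEmail} uses to reload the user.
     *
     * @param uaaUserDatabase the user store to query by user id
     */
    public void setUaaUserDatabase(UaaUserDatabase uaaUserDatabase) {
        this.uaaUserDatabase = uaaUserDatabase;
    }

    /**
     * Creates the controller.
     *
     * @param changeEmailService service that starts and completes e-mail changes
     */
    public ChangeEmailController(ChangeEmailService changeEmailService) {
        this.changeEmailService = changeEmailService;
    }

    /**
     * Renders the change-email form for the current user.
     *
     * <p>The principal is cast to {@link UaaPrincipal} without a type check, so this handler
     * assumes an authenticated UAA session; any other principal type raises a
     * {@code ClassCastException}.
     *
     * @param model view model; receives the current e-mail and the two request parameters
     * @param str   the optional {@code client_id} request parameter, echoed into the model
     * @param str2  the optional {@code redirect_uri} request parameter, echoed into the model
     * @return the {@code change_email} view name
     */
    @RequestMapping(value = {"/change_email"}, method = {RequestMethod.GET})
    public String changeEmailPage(
            Model model,
            @RequestParam(value = "client_id", required = false) String str,
            @RequestParam(value = "redirect_uri", required = false) String str2) {
        model.addAttribute("email", currentPrincipal().getEmail());
        // Both values are request-supplied and only echoed here; escaping is up to the template.
        model.addAttribute("client_id", str);
        model.addAttribute(OAuth2Utils.REDIRECT_URI, str2);
        return CHANGE_EMAIL_VIEW;
    }

    /**
     * Starts an e-mail change for the logged-in user.
     *
     * <p>A missing, blank or malformed address re-renders the form with status 422 and the
     * {@code invalid_email} message code. Users whose origin is not {@link OriginKeys#UAA} are
     * redirected to the profile page. A {@link UaaException} with HTTP status 409 re-renders
     * the form with {@code username_exists}.
     *
     * @param model               view model for the re-rendered form
     * @param validEmail          bound form object carrying the requested address
     * @param bindingResult       validation outcome for {@code validEmail}
     * @param str                 the optional {@code client_id} request parameter
     * @param str2                the optional {@code redirect_uri} request parameter
     * @param redirectAttributes  carries the error code on the profile redirect
     * @param httpServletResponse used to set the 422 status on validation failures
     * @return a view name or a {@code redirect:} target
     */
    @RequestMapping(value = {"/change_email.do"}, method = {RequestMethod.POST})
    public String changeEmail(
            Model model,
            @Valid @ModelAttribute("newEmail") ValidEmail validEmail,
            BindingResult bindingResult,
            @RequestParam(required = false, value = "client_id") String str,
            @RequestParam(required = false, value = "redirect_uri") String str2,
            RedirectAttributes redirectAttributes,
            HttpServletResponse httpServletResponse) {
        UaaPrincipal principal = currentPrincipal();
        String requestedEmail = validEmail.getNewEmail();

        // @Email lets null and "" through, so an absent address must be rejected here;
        // otherwise the change would be started with no usable target address.
        boolean addressMissing = requestedEmail == null || requestedEmail.trim().isEmpty();
        if (bindingResult.hasErrors() || addressMissing) {
            return redisplayForm(model, httpServletResponse, principal, "invalid_email");
        }

        // Constant-first comparison: a principal without an origin is treated as non-UAA
        // instead of failing with a NullPointerException.
        if (!OriginKeys.UAA.equals(principal.getOrigin())) {
            redirectAttributes.addAttribute("error_message_code", "email_change.non-uaa-origin");
            return "redirect:profile";
        }

        try {
            // NOTE(review): client_id and redirect_uri are passed through unvalidated; this
            // controller relies on the service to check redirect_uri against the client's
            // registration - confirm in ChangeEmailService.
            this.changeEmailService.beginEmailChange(
                    principal.getId(), principal.getName(), requestedEmail, str, str2);
            return EMAIL_SENT_REDIRECT;
        } catch (UaaException e) {
            if (e.getHttpStatus() == 409) {
                return redisplayForm(model, httpServletResponse, principal, "username_exists");
            }
            // Every other failure is reported to the browser exactly like success, presumably
            // so the response does not reveal why the request failed. The exception is not
            // logged here, so such failures are invisible unless the service logs them.
            return EMAIL_SENT_REDIRECT;
        }
    }

    /**
     * Completes an e-mail change from the verification link.
     *
     * <p>If the browser holds a {@link UaaAuthentication} for the same user id, the security
     * context is replaced with a fresh authentication built from the reloaded user. Without a
     * {@link UaaAuthentication} the user is redirected to the login page.
     *
     * <p>NOTE(review): this is a GET handler that calls {@code completeVerification}, so simply
     * fetching the link (mail scanners, link previews) may complete the change - confirm that
     * is acceptable.
     *
     * @param model               view model for the error view
     * @param str                 the {@code code} request parameter from the verification link
     * @param redirectAttributes  carries the success code on the profile redirect
     * @param httpServletResponse used to set the error status
     * @param httpServletRequest  source of the details for the refreshed authentication
     * @return a {@code redirect:} target, or the error view
     */
    @RequestMapping(value = {"/verify_email"}, method = {RequestMethod.GET})
    public String verifyEmail(
            Model model,
            @RequestParam("code") String str,
            RedirectAttributes redirectAttributes,
            HttpServletResponse httpServletResponse,
            HttpServletRequest httpServletRequest) {
        try {
            Map<String, String> verification = this.changeEmailService.completeVerification(str);
            try {
                UaaUser updatedUser = this.uaaUserDatabase.retrieveUserById(verification.get("userId"));
                String redirectLocation = verification.get("redirect_url");
                SecurityContext securityContext = SecurityContextHolder.getContext();

                if (!(securityContext.getAuthentication() instanceof UaaAuthentication)) {
                    if (redirectLocation == null) {
                        return "redirect:login?success=change_email_success";
                    }
                    // NOTE(review): redirect_url is appended to the query string without URL
                    // encoding, so a value containing '&' or '#' would alter the login URL's
                    // parameters - confirm the service only returns values where this is safe.
                    return "redirect:login?success=change_email_success&form_redirect_uri=" + redirectLocation;
                }

                UaaAuthentication current = (UaaAuthentication) securityContext.getAuthentication();
                // Refresh the session only when the verified account is the one logged in;
                // a code redeemed in another user's session must not change that session.
                if (current.getPrincipal().getId().equals(updatedUser.getId())) {
                    securityContext.setAuthentication(new UaaAuthentication(
                            new UaaPrincipal(updatedUser),
                            updatedUser.getAuthorities(),
                            new UaaAuthenticationDetails(httpServletRequest)));
                }

                if (redirectLocation == null) {
                    redirectLocation = "profile";
                    redirectAttributes.addAttribute("success_message_code", "email_change.success");
                }
                // NOTE(review): the redirect target is whatever the service returned; this
                // controller does no allow-list check of its own, so the service must only
                // hand back validated locations - confirm.
                return "redirect:" + redirectLocation;
            } catch (UsernameNotFoundException e) {
                return handleExceptionConsideringAuthentication(model, httpServletResponse);
            }
        } catch (UaaException e2) {
            return handleExceptionConsideringAuthentication(model, httpServletResponse);
        }
    }

    /**
     * Maps a failed verification to a response: anonymous requests get the error view with
     * status 422, every other request is redirected to the profile page with the error code.
     */
    private String handleExceptionConsideringAuthentication(Model model, HttpServletResponse httpServletResponse) {
        if (!(SecurityContextHolder.getContext().getAuthentication() instanceof AnonymousAuthenticationToken)) {
            return "redirect:profile?error_message_code=email_change.invalid_code";
        }
        model.addAttribute("error_message_code", "email_change.invalid_code");
        // Same status as the form handlers, spelled with the constant instead of a bare 422.
        httpServletResponse.setStatus(HttpStatus.UNPROCESSABLE_ENTITY.value());
        return "error";
    }

    /** Returns the current principal, cast to {@link UaaPrincipal} without a type check. */
    private static UaaPrincipal currentPrincipal() {
        return (UaaPrincipal) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
    }

    /** Re-renders the form with the given message code, the current e-mail and status 422. */
    private static String redisplayForm(
            Model model, HttpServletResponse response, UaaPrincipal principal, String errorCode) {
        model.addAttribute("error_message_code", errorCode);
        model.addAttribute("email", principal.getEmail());
        response.setStatus(HttpStatus.UNPROCESSABLE_ENTITY.value());
        return CHANGE_EMAIL_VIEW;
    }
}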
