package org.cloudfoundry.identity.uaa.account;

import java.io.IOException;
import java.sql.Timestamp;
import java.util.HashMap;
import org.cloudfoundry.identity.uaa.account.ResetPasswordService;
import org.cloudfoundry.identity.uaa.authentication.InvalidCodeException;
import org.cloudfoundry.identity.uaa.codestore.ExpiringCode;
import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeStore;
import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeType;
import org.cloudfoundry.identity.uaa.constants.OriginKeys;
import org.cloudfoundry.identity.uaa.oauth.UaaTokenStore;
import org.cloudfoundry.identity.uaa.scim.ScimUser;
import org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException;
import org.cloudfoundry.identity.uaa.scim.exception.ScimException;
import org.cloudfoundry.identity.uaa.scim.exception.ScimResourceNotFoundException;
import org.cloudfoundry.identity.uaa.util.JsonUtils;
import org.cloudfoundry.identity.uaa.web.ConvertingExceptionView;
import org.cloudfoundry.identity.uaa.web.ExceptionReport;
import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.servlet.View;

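/**
 * HTTP endpoints for the forgotten-password flow.
 *
 * <ul>
 *   <li>{@code POST /password_resets} asks {@link ResetPasswordService} for a reset code and
 *       returns it in the response body.</li>
 *   <li>{@code POST /password_change} redeems such a code for a new password and returns an
 *       autologin code for the same user.</li>
 * </ul>
 *
 * <p>Both success responses carry values that act as credentials (a password change code and an
 * autologin code). This class performs no authorization check of its own.
 * NOTE(review): access to both mappings is presumably restricted to trusted clients by the
 * surrounding security configuration; confirm before exposing them.
 */
@Controller
/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-4.16.0.jar:org/cloudfoundry/identity/uaa/account/PasswordResetEndpoint.class */
public class PasswordResetEndpoint {
    private final ResetPasswordService resetPasswordService;
    // Defaults to the converters a fresh RestTemplate registers; replaceable through the setter.
    private HttpMessageConverter<?>[] messageConverters = new RestTemplate().getMessageConverters().toArray(new HttpMessageConverter<?>[0]);
    // Injected through setCodeStore; both code helpers dereference it without a null check.
    private ExpiringCodeStore codeStore;

    /**
     * @param resetPasswordService service that issues reset codes and applies the new password
     */
    public PasswordResetEndpoint(ResetPasswordService resetPasswordService) {
        this.resetPasswordService = resetPasswordService;
    }

    /**
     * Replaces the converters used to render exception reports.
     *
     * @param httpMessageConverterArr converters handed to {@link ConvertingExceptionView}
     */
    public void setMessageConverters(HttpMessageConverter<?>[] httpMessageConverterArr) {
        this.messageConverters = httpMessageConverterArr;
    }

    /**
     * Starts a password reset and returns the change code to the caller.
     *
     * <p>Status codes differ by outcome (201, 409, 404), and the 409 body includes a user id, so a
     * caller can tell these cases apart.
     *
     * @param str  raw request body, passed to the service unchanged (presumably the account's
     *             username or e-mail; confirm against {@code ResetPasswordService})
     * @param str2 optional {@code client_id} request parameter; when present it is used as given
     *             and takes precedence over the client id of the authenticated OAuth2 request
     * @param str3 optional {@code redirect_uri} request parameter, forwarded without validation
     *             here. NOTE(review): presumably validated by the service; confirm
     * @return 201 with the change code and user id, 409 with the user id only, or 404 with no body
     * @throws IOException declared by the signature; nothing in this body throws it directly
     */
    @RequestMapping(value = {"/password_resets"}, method = {RequestMethod.POST})
    public ResponseEntity<PasswordResetResponse> resetPassword(@RequestBody String str, @RequestParam(required = false, value = "client_id") String str2, @RequestParam(required = false, value = "redirect_uri") String str3) throws IOException {
        String clientId = str2;
        if (clientId == null) {
            // Fall back to the client that authenticated this request, when there is one.
            Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
            if (authentication instanceof OAuth2Authentication) {
                clientId = ((OAuth2Authentication) authentication).getOAuth2Request().getClientId();
            }
        }
        PasswordResetResponse passwordResetResponse = new PasswordResetResponse();
        try {
            ForgotPasswordInfo forgotPassword = this.resetPasswordService.forgotPassword(str, clientId, str3);
            // The change code is enough to set a new password via /password_change.
            passwordResetResponse.setChangeCode(forgotPassword.getResetPasswordCode().getCode());
            passwordResetResponse.setUserId(forgotPassword.getUserId());
            return new ResponseEntity<>(passwordResetResponse, HttpStatus.CREATED);
        } catch (ConflictException e) {
            passwordResetResponse.setUserId(e.getUserId());
            return new ResponseEntity<>(passwordResetResponse, HttpStatus.CONFLICT);
        } catch (NotFoundException e2) {
            return new ResponseEntity<>(HttpStatus.NOT_FOUND);
        }
    }

    /**
     * Looks up a change code in the code store, scoped to the current identity zone.
     *
     * @param code change code supplied by the caller
     * @return the stored code, never {@code null}
     * @throws InvalidCodeException (reported as 422) when the store returns {@code null}
     */
    private ExpiringCode getExpiringCode(String code) {
        // NOTE(review): whether retrieveCode also consumes the code is not visible here; confirm
        // that a change code cannot be redeemed twice.
        ExpiringCode retrieveCode = this.codeStore.retrieveCode(code, IdentityZoneHolder.get().getId());
        if (retrieveCode == null) {
            throw new InvalidCodeException("invalid_code", "Sorry, your reset password link is no longer valid. Please request a new one", 422);
        }
        return retrieveCode;
    }

    /**
     * Redeems a change code for a new password and returns an autologin code for the user.
     *
     * @param lostPasswordChangeRequest request carrying the change code and the new password
     * @return 200 with user id, username, primary e-mail and autologin code; 400 when the change
     *         code is missing; 404, 401 or 500 with no body for the failures caught below
     * @throws InvalidCodeException     rethrown so {@link #handleCodeException} renders a 422
     * @throws InvalidPasswordException rethrown so {@link #handleException} renders a 422
     */
    @RequestMapping(value = {"/password_change"}, method = {RequestMethod.POST})
    public ResponseEntity<LostPasswordChangeResponse> changePassword(@RequestBody LostPasswordChangeRequest lostPasswordChangeRequest) {
        if (lostPasswordChangeRequest.getChangeCode() == null) {
            return new ResponseEntity<>(HttpStatus.BAD_REQUEST);
        }
        try {
            ResetPasswordService.ResetPasswordResponse resetPassword = this.resetPasswordService.resetPassword(getExpiringCode(lostPasswordChangeRequest.getChangeCode()), lostPasswordChangeRequest.getNewPassword());
            ScimUser user = resetPassword.getUser();
            // Issued only after the service call returned without throwing.
            ExpiringCode code = getCode(user.getId(), user.getUserName(), resetPassword.getClientId());
            LostPasswordChangeResponse lostPasswordChangeResponse = new LostPasswordChangeResponse();
            lostPasswordChangeResponse.setUserId(user.getId());
            lostPasswordChangeResponse.setUsername(user.getUserName());
            lostPasswordChangeResponse.setEmail(user.getPrimaryEmail());
            lostPasswordChangeResponse.setLoginCode(code.getCode());
            return new ResponseEntity<>(lostPasswordChangeResponse, HttpStatus.OK);
        } catch (InvalidCodeException | InvalidPasswordException e) {
            throw e;
        } catch (ScimResourceNotFoundException e2) {
            return new ResponseEntity<>(HttpStatus.NOT_FOUND);
        } catch (BadCredentialsException e3) {
            return new ResponseEntity<>(HttpStatus.UNAUTHORIZED);
        } catch (Exception e4) {
            // NOTE(review): the cause is dropped without being recorded, so unexpected failures
            // in this flow leave no trace here; consider logging it (without the code or password).
            return new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR);
        }
    }

    /**
     * Generates an {@code AUTOLOGIN} code bound to the given user and client in the current zone.
     *
     * @param userId   id stored under {@code user_id}
     * @param username name stored under {@code username}
     * @param clientId client stored under {@code client_id}; may be {@code null}
     * @return the generated code, expiring {@code UaaTokenStore.EXPIRATION_TIME} ms from now
     */
    private ExpiringCode getCode(String userId, String username, String clientId) {
        HashMap<String, String> codeData = new HashMap<>();
        codeData.put("user_id", userId);
        codeData.put("username", username);
        codeData.put("client_id", clientId);
        codeData.put("origin", OriginKeys.UAA);
        return this.codeStore.generateCode(JsonUtils.writeValueAsString(codeData), new Timestamp(System.currentTimeMillis() + UaaTokenStore.EXPIRATION_TIME), ExpiringCodeType.AUTOLOGIN.name(), IdentityZoneHolder.get().getId());
    }

    /**
     * Renders an {@link InvalidPasswordException} as a 422 exception report.
     *
     * @param invalidPasswordException the rejected-password failure
     * @return view that writes the report using the configured message converters
     */
    @ExceptionHandler({InvalidPasswordException.class})
    public View handleException(InvalidPasswordException invalidPasswordException) throws ScimException {
        // The 'false' flag presumably keeps the stack trace out of the response; confirm.
        return new ConvertingExceptionView(new ResponseEntity<>(new ExceptionReport(invalidPasswordException, false), HttpStatus.UNPROCESSABLE_ENTITY), this.messageConverters);
    }

    /**
     * Renders an {@link InvalidCodeException} as a 422 exception report.
     *
     * @param invalidCodeException the invalid-code failure
     * @return view that writes the report using the configured message converters
     */
    @ExceptionHandler({InvalidCodeException.class})
    public View handleCodeException(InvalidCodeException invalidCodeException) throws ScimException {
        // The 'false' flag presumably keeps the stack trace out of the response; confirm.
        return new ConvertingExceptionView(new ResponseEntity<>(new ExceptionReport(invalidCodeException, false), HttpStatus.UNPROCESSABLE_ENTITY), this.messageConverters);
    }

    /**
     * Injects the store used to look up change codes and to generate autologin codes.
     *
     * @param expiringCodeStore code store to use
     */
    public void setCodeStore(ExpiringCodeStore expiringCodeStore) {
        this.codeStore = expiringCodeStore;
    }
}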
