package org.cloudfoundry.identity.uaa.account;

import com.fasterxml.jackson.core.type.TypeReference;
import java.sql.Timestamp;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.cloudfoundry.identity.uaa.codestore.ExpiringCode;
import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeStore;
import org.cloudfoundry.identity.uaa.message.MessageService;
import org.cloudfoundry.identity.uaa.message.MessageType;
import org.cloudfoundry.identity.uaa.scim.endpoints.PasswordChange;
import org.cloudfoundry.identity.uaa.user.UaaUser;
import org.cloudfoundry.identity.uaa.user.UaaUserDatabase;
import org.cloudfoundry.identity.uaa.util.JsonUtils;
import org.cloudfoundry.identity.uaa.util.UaaUrlUtils;
import org.cloudfoundry.identity.uaa.zone.IdentityZone;
import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.oauth2.common.util.OAuth2Utils;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.thymeleaf.TemplateEngine;
import org.thymeleaf.context.Context;

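/**
 * MVC controller for the self-service "forgot password" / "reset password" pages.
 *
 * <p>Flow visible in this class:
 * <ol>
 *   <li>{@code GET /forgot_password} renders the request form.</li>
 *   <li>{@code POST /forgot_password.do} asks {@link ResetPasswordService} for a reset code and
 *       e-mails it through {@link MessageService}.</li>
 *   <li>{@code GET /reset_password?code=...} exchanges the e-mailed code for a fresh,
 *       short-lived code that is embedded in the reset form.</li>
 *   <li>{@code POST /reset_password.do} has an empty handler body in this listing.</li>
 * </ol>
 *
 * <p>Security-relevant points for reviewers: request parameters ({@code username},
 * {@code client_id}, {@code redirect_uri}, {@code code}) arrive unauthenticated and are passed on
 * without validation in this class; any validation happens in collaborators that are not visible
 * here.
 */
@Controller
/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-4.25.0.jar:org/cloudfoundry/identity/uaa/account/ResetPasswordController.class */
public class ResetPasswordController {
    /** Lifetime of the code embedded in the reset form: 600000 ms = 10 minutes. */
    private static final long FORM_CODE_LIFETIME_MILLIS = 600000L;

    protected final Log logger = LogFactory.getLog(getClass());
    private final ResetPasswordService resetPasswordService;
    private final MessageService messageService;
    private final TemplateEngine templateEngine;
    private final ExpiringCodeStore codeStore;
    private final UaaUserDatabase userDatabase;

    /**
     * Creates the controller with its collaborators.
     *
     * @param resetPasswordService issues reset codes for a submitted username
     * @param messageService sends the reset e-mail
     * @param templateEngine renders the e-mail bodies
     * @param expiringCodeStore stores and retrieves one-off codes
     * @param uaaUserDatabase user lookup by id
     */
    public ResetPasswordController(ResetPasswordService resetPasswordService, MessageService messageService, TemplateEngine templateEngine, ExpiringCodeStore expiringCodeStore, UaaUserDatabase uaaUserDatabase) {
        this.resetPasswordService = resetPasswordService;
        this.messageService = messageService;
        this.templateEngine = templateEngine;
        this.codeStore = expiringCodeStore;
        this.userDatabase = uaaUserDatabase;
    }

    /**
     * Renders the "forgot password" form, or a 404 error view when self-service links are
     * disabled for the current identity zone.
     *
     * @param model view model; receives {@code client_id} and the redirect URI
     * @param str optional {@code client_id} request parameter
     * @param str2 optional {@code redirect_uri} request parameter
     * @param httpServletResponse response whose status is set on the disabled path
     * @return the view name
     */
    @RequestMapping(value = {"/forgot_password"}, method = {RequestMethod.GET})
    public String forgotPasswordPage(Model model, @RequestParam(required = false, value = "client_id") String str, @RequestParam(required = false, value = "redirect_uri") String str2, HttpServletResponse httpServletResponse) {
        if (!IdentityZoneHolder.get().getConfig().getLinks().getSelfService().isSelfServiceLinksEnabled()) {
            return handleSelfServiceDisabled(model, httpServletResponse, "error_message_code", "self_service_disabled");
        }
        // Both values are caller-supplied and are echoed into the model unchanged.
        // NOTE(review): output escaping is left to the template, and redirect_uri is not checked
        // against the client's registered URIs here; confirm both happen downstream.
        model.addAttribute("client_id", str);
        model.addAttribute(OAuth2Utils.REDIRECT_URI, str2);
        return "forgot_password";
    }

    /**
     * Handles submission of the "forgot password" form.
     *
     * <p>For the outcomes handled by the private overload (reset issued, reset unavailable, user
     * not found) the browser receives the same redirect, so this response does not tell the
     * caller whether the submitted username matched an account.
     *
     * @param model view model, used only on the disabled path
     * @param str submitted {@code username}
     * @param str2 {@code client_id}, empty when absent
     * @param str3 {@code redirect_uri}, empty when absent
     * @param httpServletResponse response whose status is set on the disabled path
     * @return a redirect to the "email sent" page, or the error view
     */
    @RequestMapping(value = {"/forgot_password.do"}, method = {RequestMethod.POST})
    public String forgotPassword(Model model, @RequestParam("username") String str, @RequestParam(value = "client_id", defaultValue = "") String str2, @RequestParam(value = "redirect_uri", defaultValue = "") String str3, HttpServletResponse httpServletResponse) {
        if (!IdentityZoneHolder.get().getConfig().getLinks().getSelfService().isSelfServiceLinksEnabled()) {
            return handleSelfServiceDisabled(model, httpServletResponse, "error_message_code", "self_service_disabled");
        }
        forgotPassword(str, str2, str3);
        return "redirect:email_sent?code=reset_password";
    }

    /**
     * Requests a reset code for {@code username} and e-mails the matching message.
     *
     * <p>A {@link ConflictException} yields a "reset unavailable" e-mail instead of a code; a
     * {@link NotFoundException} is logged and no mail is sent.
     *
     * @param username submitted username (untrusted request input)
     * @param clientId submitted client id, passed through to the service
     * @param redirectUri submitted redirect URI, passed through to the service
     */
    private void forgotPassword(String username, String clientId, String redirectUri) {
        String subject = getSubjectText();
        String htmlBody = null;
        String userId = null;
        String recipient = null;
        try {
            ForgotPasswordInfo info = this.resetPasswordService.forgotPassword(username, clientId, redirectUri);
            userId = info.getUserId();
            recipient = info.getEmail();
            htmlBody = getCodeSentEmailHtml(info.getResetPasswordCode().getCode());
        } catch (ConflictException e) {
            recipient = e.getEmail();
            htmlBody = getResetUnavailableEmailHtml(recipient);
            userId = e.getUserId();
        } catch (NotFoundException e) {
            // The value is unauthenticated request input: neutralise CR/LF so that it cannot
            // start a forged entry in line-oriented logs.
            this.logger.error("User with email address " + sanitizeForLog(username) + " not found.");
        }
        if (htmlBody == null || userId == null) {
            return;
        }
        this.messageService.sendMessage(recipient, MessageType.PASSWORD_RESET, subject, htmlBody);
    }

    /**
     * Replaces carriage returns and line feeds with underscores so a request-supplied value
     * stays on a single log line.
     *
     * @param value text to write to the log, may be {@code null}
     * @return the value without CR/LF, or {@code null} when the input was {@code null}
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        return value.replace('\r', '_').replace('\n', '_');
    }

    /** Builds the e-mail subject, prefixed with the service name when one is available. */
    private String getSubjectText() {
        String serviceName = getServiceName();
        return StringUtils.isEmpty(serviceName) ? "Account password reset request" : serviceName + " account password reset request";
    }

    /**
     * Renders the e-mail body that carries the reset code.
     *
     * @param resetCode the code issued by the reset service
     * @return the rendered {@code reset_password} template
     */
    private String getCodeSentEmailHtml(String resetCode) {
        String resetUrl = UaaUrlUtils.getUaaUrl("/reset_password");
        Context context = new Context();
        context.setVariable("serviceName", getServiceName());
        context.setVariable("code", resetCode);
        context.setVariable("resetUrl", resetUrl);
        return this.templateEngine.process("reset_password", context);
    }

    /**
     * Renders the e-mail body sent when a reset cannot be offered for the account.
     *
     * @param email address placed in the message
     * @return the rendered {@code reset_password_unavailable} template
     */
    private String getResetUnavailableEmailHtml(String email) {
        String hostname = UaaUrlUtils.getUaaHost();
        Context context = new Context();
        context.setVariable("serviceName", getServiceName());
        context.setVariable("email", email);
        context.setVariable("hostname", hostname);
        return this.templateEngine.process("reset_password_unavailable", context);
    }

    /**
     * Resolves the display name used in e-mails: the zone name for a non-default zone, otherwise
     * the branded company name, falling back to "Cloud Foundry".
     */
    private String getServiceName() {
        if (!IdentityZoneHolder.get().equals(IdentityZone.getUaa())) {
            return IdentityZoneHolder.get().getName();
        }
        String companyName = IdentityZoneHolder.resolveBranding().getCompanyName();
        return StringUtils.hasText(companyName) ? companyName : "Cloud Foundry";
    }

    /**
     * Renders the "email sent" confirmation page.
     *
     * @param str the {@code code} model attribute bound from the request
     * @return the view name
     */
    @RequestMapping(value = {"/email_sent"}, method = {RequestMethod.GET})
    public String emailSentPage(@ModelAttribute("code") String str) {
        return "email_sent";
    }

    /**
     * Renders the reset form for a code taken from the request.
     *
     * <p>The submitted code is looked up in the current zone; when it is unknown, carries no
     * data, or refers to a user that cannot be found, the "forgot password" view is returned with
     * status 422. Otherwise a new code with the same data and intent is generated, valid for
     * {@link #FORM_CODE_LIFETIME_MILLIS}, and placed in the model together with the user's e-mail
     * address and username.
     *
     * @param model view model; receives {@code code}, {@code email} and {@code username}
     * @param httpServletResponse response whose status is set on the rejection path
     * @param str the {@code code} request parameter (untrusted)
     * @return the view name
     */
    @RequestMapping(value = {"/reset_password"}, method = {RequestMethod.GET}, params = {"code"})
    public String resetPasswordPage(Model model, HttpServletResponse httpServletResponse, @RequestParam("code") String str) {
        String zoneId = IdentityZoneHolder.get().getId();
        ExpiringCode emailedCode = checkIfUserExists(this.codeStore.retrieveCode(str, zoneId));
        if (emailedCode == null) {
            return handleUnprocessableEntity(model, httpServletResponse, "message_code", "bad_code");
        }
        PasswordChange change = JsonUtils.readValue(emailedCode.getData(), PasswordChange.class);
        UaaUser user = this.userDatabase.retrieveUserById(change.getUserId());
        Timestamp formCodeExpiry = new Timestamp(System.currentTimeMillis() + FORM_CODE_LIFETIME_MILLIS);
        ExpiringCode formCode = this.codeStore.generateCode(emailedCode.getData(), formCodeExpiry, emailedCode.getIntent(), IdentityZoneHolder.get().getId());
        model.addAttribute("code", formCode.getCode());
        // Possession of a valid code is the only gate here: the holder is shown the account's
        // e-mail address and username.
        model.addAttribute("email", user.getEmail());
        model.addAttribute("username", user.getUsername());
        return "reset_password";
    }

    /**
     * Validates that a retrieved code carries a {@code user_id} that resolves to a user.
     *
     * @param expiringCode the code returned by the store, may be {@code null}
     * @return the same code when the user exists, otherwise {@code null}
     */
    private ExpiringCode checkIfUserExists(ExpiringCode expiringCode) {
        if (expiringCode == null) {
            this.logger.debug("reset_password ExpiringCode object is null. Aborting.");
            return null;
        }
        // NOTE(review): the debug lines below write the reset code value to the log. Whether the
        // code is still redeemable at this point depends on ExpiringCodeStore.retrieveCode, which
        // is not visible here; confirm, and consider logging a non-reversible reference instead.
        if (!StringUtils.hasText(expiringCode.getData())) {
            this.logger.debug("reset_password ExpiringCode[" + expiringCode.getCode() + "] data string is null or empty. Aborting.");
            return null;
        }
        Map<String, String> payload = JsonUtils.readValue(expiringCode.getData(), new TypeReference<Map<String, String>>() { // from class: org.cloudfoundry.identity.uaa.account.ResetPasswordController.1
        });
        String userId = payload.get("user_id");
        if (!StringUtils.hasText(userId)) {
            this.logger.debug("reset_password ExpiringCode[" + expiringCode.getCode() + "] user_id string is null or empty. Aborting.");
            return null;
        }
        try {
            // Lookup is performed only for its failure mode; the returned user is not used.
            this.userDatabase.retrieveUserById(userId);
            return expiringCode;
        } catch (UsernameNotFoundException e) {
            this.logger.debug("reset_password ExpiringCode[" + expiringCode.getCode() + "] user_id is invalid. Aborting.");
            return null;
        }
    }

    /**
     * Mapping for submission of the reset form.
     *
     * <p>The body is empty in this listing: as written, the handler neither validates the code
     * nor changes a password.
     * NOTE(review): the POST is presumably processed before it reaches the controller (for
     * example by a servlet filter); confirm where the code check, the password/confirmation
     * comparison and the password policy are enforced.
     */
    @RequestMapping(value = {"/reset_password.do"}, method = {RequestMethod.POST})
    public void resetPassword(Model model, @RequestParam("code") String str, @RequestParam("email") String str2, @RequestParam("password") String str3, @RequestParam("password_confirmation") String str4, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpSession httpSession) {
    }

    /**
     * Records a model attribute, sets status 422 and returns the "forgot password" view.
     *
     * @param model view model to update
     * @param response response whose status is set
     * @param attributeName model attribute name
     * @param attributeValue model attribute value
     * @return the view name
     */
    private String handleUnprocessableEntity(Model model, HttpServletResponse response, String attributeName, String attributeValue) {
        model.addAttribute(attributeName, attributeValue);
        response.setStatus(HttpStatus.UNPROCESSABLE_ENTITY.value());
        return "forgot_password";
    }

    /**
     * Records a model attribute, sets status 404 and returns the generic error view.
     *
     * @param model view model to update
     * @param response response whose status is set
     * @param attributeName model attribute name
     * @param attributeValue model attribute value
     * @return the view name
     */
    private String handleSelfServiceDisabled(Model model, HttpServletResponse response, String attributeName, String attributeValue) {
        model.addAttribute(attributeName, attributeValue);
        response.setStatus(HttpStatus.NOT_FOUND.value());
        return "error";
    }
}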
