package org.cloudfoundry.identity.uaa.login;

import java.io.IOException;
import java.util.LinkedList;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.xalan.templates.Constants;
import org.cloudfoundry.identity.uaa.account.PasswordConfirmationValidation;
import org.cloudfoundry.identity.uaa.account.ResetPasswordService;
import org.cloudfoundry.identity.uaa.authentication.UaaAuthentication;
import org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationDetails;
import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal;
import org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException;
import org.cloudfoundry.identity.uaa.web.UaaSavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.core.io.support.ResourcePropertySource;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
import org.springframework.security.web.savedrequest.SavedRequest;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;

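/**
 * MVC controller for the forced password change step of the login flow.
 *
 * <p>Both handlers are gated on the {@link #FORCE_PASSWORD_EXPIRED_USER} session attribute, which
 * is expected to hold the {@link UaaAuthentication} of the user who must pick a new password.
 * The code that stores that attribute is outside this class. A request whose session lacks it
 * (or holds a value of another type) is redirected to the login page, so the password reset
 * below is only reachable for the identity recorded in the session, never for one named by a
 * request parameter.
 */
@Controller
/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-4.8.3.jar:org/cloudfoundry/identity/uaa/login/ForcePasswordChangeController.class */
public class ForcePasswordChangeController {
    private ResourcePropertySource resourcePropertySource;
    public static final String FORCE_PASSWORD_EXPIRED_USER = "FORCE_PASSWORD_EXPIRED_USER";
    private final Log logger = LogFactory.getLog(getClass());

    @Autowired
    @Qualifier("accountSavingAuthenticationSuccessHandler")
    private AccountSavingAuthenticationSuccessHandler successHandler;

    @Autowired
    @Qualifier("resetPasswordService")
    private ResetPasswordService resetPasswordService;

    /**
     * Replaces the handler used to set the saved-account cookie after a successful change.
     *
     * @param accountSavingAuthenticationSuccessHandler the handler; {@code null} disables the cookie step
     */
    public void setSuccessHandler(AccountSavingAuthenticationSuccessHandler accountSavingAuthenticationSuccessHandler) {
        this.successHandler = accountSavingAuthenticationSuccessHandler;
    }

    /**
     * Renders the forced password change form.
     *
     * @param model view model; receives the pending user's address under {@code "email"}
     * @param httpSession session expected to carry {@link #FORCE_PASSWORD_EXPIRED_USER}
     * @return the form view name, or a redirect to the login page when no pending user is recorded
     * @throws IOException declared by the original signature; nothing in this body throws it
     */
    @RequestMapping(value = {"/force_password_change"}, method = {RequestMethod.GET})
    public String forcePasswordChangePage(Model model, HttpSession httpSession) throws IOException {
        UaaAuthentication pending = pendingAuthentication(httpSession);
        if (pending == null) {
            // NOTE(review): this branch redirects to "/login" while the POST handler prepends the
            // context path; confirm both resolve to the same URL under the configured view resolver.
            return "redirect:/login";
        }
        model.addAttribute("email", pending.getPrincipal().getEmail());
        return "force_password_change";
    }

    /**
     * Applies the new password for the pending user and completes the login.
     *
     * <p>On success the session is invalidated and a fresh one is created before the
     * authentication is placed in the security context, so the pre-change session id and the
     * {@link #FORCE_PASSWORD_EXPIRED_USER} marker do not carry over. The saved request is read
     * before the invalidation because it lives in the old session.
     *
     * @param model view model used when the form has to be re-rendered
     * @param str the new password (request parameter {@code password})
     * @param str2 the confirmation (request parameter {@code password_confirmation})
     * @param httpServletRequest current request
     * @param httpServletResponse current response; set to 422 when the form is re-rendered
     * @param httpSession session expected to carry {@link #FORCE_PASSWORD_EXPIRED_USER}
     * @return a redirect to the saved request URL or {@code "/"} on success, a redirect to the
     *     login page when no pending user is recorded, otherwise the form view with an error message
     * @throws IOException declared by the original signature; nothing in this body throws it
     */
    @RequestMapping(value = {"/force_password_change"}, method = {RequestMethod.POST})
    public String handleForcePasswordChange(Model model, @RequestParam("password") String str, @RequestParam("password_confirmation") String str2, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpSession httpSession) throws IOException {
        UaaAuthentication pending = pendingAuthentication(httpSession);
        if (pending == null) {
            return "redirect:" + httpServletRequest.getContextPath() + DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL;
        }
        UaaPrincipal principal = pending.getPrincipal();
        String email = principal.getEmail();
        if (!new PasswordConfirmationValidation(email, str, str2).valid()) {
            return handleUnprocessableEntity(model, httpServletResponse, email, this.resourcePropertySource.getProperty("force_password_change.form_error").toString());
        }
        // The debug line carries the user's e-mail address; neither password value is logged.
        this.logger.debug("Processing handleForcePasswordChange for user: " + email);
        try {
            this.resetPasswordService.resetUserPassword(principal.getId(), str);
            // Read the saved request first: it is stored in the session that is about to be dropped.
            SavedRequest savedRequest = (SavedRequest) httpServletRequest.getSession().getAttribute(UaaSavedRequestAwareAuthenticationSuccessHandler.SAVED_REQUEST_SESSION_ATTRIBUTE);
            // Rotate the session before installing the authentication (session fixation defence).
            httpServletRequest.getSession().invalidate();
            httpServletRequest.getSession(true);
            // A separate final local is needed here: the lambda below may only capture an
            // effectively final variable, so the pending authentication is not reassigned.
            // The details object is built after the rotation, from the current request.
            final UaaAuthentication renewed = new UaaAuthentication(principal, new LinkedList<>(pending.getAuthorities()), new UaaAuthenticationDetails(httpServletRequest));
            Optional.ofNullable(this.successHandler).ifPresent(handler -> handler.setSavedAccountOptionCookie(httpServletRequest, httpServletResponse, renewed));
            SecurityContextHolder.getContext().setAuthentication(renewed);
            // The redirect target comes from the server-side saved request, not from a request parameter.
            return savedRequest != null ? "redirect:" + savedRequest.getRedirectUrl() : "redirect:/";
        } catch (InvalidPasswordException e) {
            // Password policy rejection: the session is left intact so the user can retry.
            return handleUnprocessableEntity(model, httpServletResponse, email, e.getMessagesAsOneString());
        }
    }

    /**
     * Replaces the service that performs the password reset.
     *
     * @param resetPasswordService the service to use
     */
    public void setResetPasswordService(ResetPasswordService resetPasswordService) {
        this.resetPasswordService = resetPasswordService;
    }

    /**
     * Re-renders the form with an error message and HTTP status 422.
     *
     * @param model view model to populate
     * @param httpServletResponse response whose status is set
     * @param str the user's e-mail address, shown on the form
     * @param str2 the error message to display
     * @return the form view name
     */
    private String handleUnprocessableEntity(Model model, HttpServletResponse httpServletResponse, String str, String str2) {
        model.addAttribute(Constants.ELEMNAME_MESSAGE_STRING, str2);
        model.addAttribute("email", str);
        httpServletResponse.setStatus(HttpStatus.UNPROCESSABLE_ENTITY.value());
        return "force_password_change";
    }

    /**
     * Sets the property source that supplies the {@code force_password_change.form_error} message.
     *
     * @param resourcePropertySource the property source to use
     */
    public void setResourcePropertySource(ResourcePropertySource resourcePropertySource) {
        this.resourcePropertySource = resourcePropertySource;
    }

    /**
     * Looks up the pending authentication once and type-checks it, so a missing or foreign
     * session value leads to the login redirect instead of a {@link ClassCastException}.
     *
     * @param httpSession the current session
     * @return the stored authentication, or {@code null} when absent or of another type
     */
    private static UaaAuthentication pendingAuthentication(HttpSession httpSession) {
        Object candidate = httpSession.getAttribute(FORCE_PASSWORD_EXPIRED_USER);
        return candidate instanceof UaaAuthentication ? (UaaAuthentication) candidate : null;
    }
}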
