package org.sonar.server.user.ws;

import com.google.common.base.Preconditions;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import org.sonar.api.server.ws.Request;
import org.sonar.api.server.ws.Response;
import org.sonar.api.server.ws.WebService;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.user.UserDto;
import org.sonar.server.user.UpdateUser;
import org.sonar.server.user.UserSession;
import org.sonar.server.user.UserUpdater;

/* loaded from: input_file:org/sonar/server/user/ws/ChangePasswordAction.class */
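/**
 * Web service action {@code change_password}: sets a new password for a user account.
 *
 * <p>Authorization as implemented in {@link #handle(Request, Response)}:
 * <ul>
 *   <li>the caller must be logged in;</li>
 *   <li>a caller changing their own password must also supply the current password
 *       ({@code previousPassword}), which is verified against the stored hash;</li>
 *   <li>a caller changing another account's password must be a system administrator.</li>
 * </ul>
 *
 * <p>NOTE(review): the action description says accounts linked to an external authentication
 * system cannot change their password here, but this class does not check that itself;
 * presumably {@code UserUpdater} enforces it. Confirm.
 *
 * <p>NOTE(review): nothing in this class revokes existing sessions or tokens of the account
 * after the password changes. Confirm whether that happens elsewhere.
 */
public class ChangePasswordAction implements UsersWsAction {
    private static final String PARAM_LOGIN = "login";
    private static final String PARAM_PASSWORD = "password";
    private static final String PARAM_PREVIOUS_PASSWORD = "previousPassword";
    private final DbClient dbClient;
    private final UserUpdater userUpdater;
    private final UserSession userSession;

    public ChangePasswordAction(DbClient dbClient, UserUpdater userUpdater, UserSession userSession) {
        this.dbClient = dbClient;
        this.userUpdater = userUpdater;
        this.userSession = userSession;
    }

    /**
     * Registers the {@code change_password} action and its parameters on the controller.
     *
     * <p>The action is declared POST-only, so the passwords are not accepted as GET query
     * parameters.
     *
     * @param newController controller the action is added to
     */
    public void define(WebService.NewController newController) {
        WebService.NewAction action = newController.createAction("change_password")
            .setDescription("Update a user's password. Authenticated users can change their own password, provided that the account is not linked to an external authentication system. Administer System permission is required to change another user's password.")
            .setSince("5.2")
            .setPost(true)
            .setHandler(this);
        action.createParam(PARAM_LOGIN)
            .setDescription("User login")
            .setRequired(true)
            .setExampleValue("myuser");
        action.createParam(PARAM_PASSWORD)
            .setDescription("New password")
            .setRequired(true)
            .setExampleValue("mypassword");
        // Declared optional because administrators changing another account do not send it;
        // handle() reads it as mandatory on the self-service path.
        action.createParam(PARAM_PREVIOUS_PASSWORD)
            .setDescription("Previous password. Required when changing one's own password.")
            .setRequired(false)
            .setExampleValue("oldpassword");
    }

    /**
     * Authorizes the caller, then stores the new password for the requested login.
     *
     * <p>The database session is closed on every path by try-with-resources, and the empty
     * response is written only after the update has been committed and the session closed.
     *
     * @param request  incoming request carrying {@code login}, {@code password} and, for a
     *                 self-service change, {@code previousPassword}
     * @param response response that receives "no content" on success
     * @throws Exception whatever the session checks, parameter lookup, password check or
     *                   update raise
     */
    public void handle(Request request, Response response) throws Exception {
        this.userSession.checkLoggedIn();
        try (DbSession dbSession = this.dbClient.openSession(false)) {
            String login = request.mandatoryParam(PARAM_LOGIN);
            if (login.equals(this.userSession.getLogin())) {
                // Self-service change: knowing the current password is required, so a hijacked
                // session alone is not enough to take over the account's credentials.
                checkCurrentPassword(dbSession, login, request.mandatoryParam(PARAM_PREVIOUS_PASSWORD));
            } else {
                // Changing someone else's password is an administrator-only operation.
                this.userSession.checkIsSystemAdministrator();
            }
            // The new password is read only after the authorization decision above.
            UpdateUser update = UpdateUser.create(login).setPassword(request.mandatoryParam(PARAM_PASSWORD));
            this.userUpdater.updateAndCommit(dbSession, update, userDto -> {
                // no follow-up work on the updated user
            });
        }
        response.noContent();
    }

    /**
     * Verifies that {@code password} is the current password of {@code login}.
     *
     * <p>The hash of the supplied password is compared with the stored hash using
     * {@link MessageDigest#isEqual(byte[], byte[])} rather than {@code String.equals}, so the
     * comparison time does not depend on the position of the first differing character.
     *
     * @param dbSession open database session used to load the user
     * @param login     login of the account whose password is being checked
     * @param password  password supplied by the caller as the current one
     * @throws IllegalArgumentException with message "Incorrect password" when the hashes
     *                                  differ or the account has no stored password hash
     */
    private void checkCurrentPassword(DbSession dbSession, String login, String password) {
        UserDto user = this.dbClient.userDao().selectOrFailByLogin(dbSession, login);
        String suppliedHash = UserDto.encryptPassword(password, user.getSalt());
        String storedHash = user.getCryptedPassword();
        // A missing hash on either side is treated as a mismatch instead of dereferencing null.
        boolean matches = suppliedHash != null
            && storedHash != null
            && MessageDigest.isEqual(
                suppliedHash.getBytes(StandardCharsets.UTF_8),
                storedHash.getBytes(StandardCharsets.UTF_8));
        Preconditions.checkArgument(matches, "Incorrect password");
    }
}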
