package com.suncode.pwfl.web.controller.api.administration.user.security;

import com.google.common.collect.ImmutableMap;
import com.plusmpm.util.SessionManager;
import com.suncode.pwfl.administration.configuration.DefinedSystemParameter;
import com.suncode.pwfl.administration.configuration.SystemProperties;
import com.suncode.pwfl.administration.user.User;
import com.suncode.pwfl.administration.user.UserService;
import com.suncode.pwfl.administration.user.security.service.PasswordRecoveryService;
import com.suncode.pwfl.administration.user.security.service.UserPasswordHistoryService;
import com.suncode.pwfl.audit.builder.AuditBuilder;
import com.suncode.pwfl.audit.util.AuditTypes;
import com.suncode.pwfl.workflow.EmailSupportServiceImpl;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Controller;
import org.springframework.util.Assert;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;

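@RequestMapping({"password"})
@Controller
/* loaded from: input_file:com/suncode/pwfl/web/controller/api/administration/user/security/UserPasswordController.class */
/**
 * REST endpoints under {@code /password} for checking, changing and recovering user passwords.
 *
 * <p>Every endpoint publishes an {@link AuditBuilder} record on the request under the
 * {@value #AUDIT_ATTRIBUTE} attribute, with {@code success(false)} on every rejected path, so the
 * audit layer (outside this file) sees failed attempts as well as successful ones.
 *
 * <p>NOTE(review): none of the handlers check who the caller is; {@link #changePassword} acts on the
 * {@code username} request parameter, not on the session user. Presumably access control is enforced
 * upstream in the security configuration — confirm before exposing these paths more widely.
 */
public class UserPasswordController {
    private static final Logger log = LoggerFactory.getLogger(UserPasswordController.class);

    /** Request attribute under which the audit record is published for the audit layer. */
    private static final String AUDIT_ATTRIBUTE = "audit";

    /** Session attribute holding the user for whom a password change / recovery is in progress. */
    private static final String CHANGE_PASSWORD_USER_ATTRIBUTE = "changePasswordUser";

    @Autowired
    private UserPasswordHistoryService passwordHistoryService;

    @Autowired
    private UserService userService;

    @Autowired
    private PasswordRecoveryService passwordRecoveryService;

    @Autowired
    private EmailSupportServiceImpl emailSupportService;

    /**
     * Reports whether {@code password} may be used as a new password for {@code username}, i.e. whether
     * its hash is absent from the user's password history.
     *
     * <p>NOTE(review): the answer reveals whether a candidate password appears in the user's history;
     * presumably reachable only by an authenticated caller — confirm in the security configuration.
     *
     * @param httpSession the HTTP session (unused; kept for the request-mapping signature)
     * @param str         the username whose history is consulted
     * @param str2        the candidate password in clear text; only its hash is used
     * @return a one-entry map {@code {"newPasswordAvailable": boolean}}
     * @throws IllegalArgumentException if no user with the given name exists
     */
    @RequestMapping(value = {"available"}, method = {RequestMethod.POST})
    @ResponseBody
    public Map<String, Object> isPasswordAvailable(HttpSession httpSession, @RequestParam("username") String str, @RequestParam("password") String str2) {
        User user = this.userService.getUser(str, new String[]{"groups"});
        Assert.notNull(user, "User not found: " + str);
        boolean unused = this.passwordHistoryService.findPasswords(user, this.userService.hashPassword(str2)).isEmpty();
        return ImmutableMap.of("newPasswordAvailable", unused);
    }

    /**
     * Changes the password of {@code username} after verifying the current one.
     *
     * <p>On success every existing session of the user is invalidated via
     * {@link SessionManager#invalidateSession(String, boolean)}, and — when the target user is the
     * session user — the session's {@code "password"} attribute is refreshed.
     *
     * @param httpServletRequest the request; receives the audit record
     * @param httpSession        the session; read for {@code "username"}, updated on success
     * @param str                the username whose password is changed
     * @param str2               the current password in clear text (verified against the stored hash)
     * @param str3               the new password in clear text
     * @return {@code 200 OK} with an empty body on success, or {@code 406} with
     *         {@code {"incorrectCurrentPassword": true}} when the current password does not match
     * @throws IllegalArgumentException if no user with the given name exists
     */
    @RequestMapping(value = {"change"}, method = {RequestMethod.POST})
    @ResponseBody
    public ResponseEntity<Map<String, Object>> changePassword(HttpServletRequest httpServletRequest, HttpSession httpSession, @RequestParam("username") String str, @RequestParam("currentPassword") String str2, @RequestParam("password") String str3) {
        String sessionUsername = (String) httpSession.getAttribute("username");
        AuditBuilder audit = AuditBuilder.getInstance()
                .type(AuditTypes.AUDIT_CHANGE_PASSWORD)
                .params(ImmutableMap.of("username", str));
        User user = this.userService.getUser(str, new String[0]);
        Assert.notNull(user, "User not found: " + str);
        // Constant-time comparison so response timing does not depend on how much of the hash matched.
        if (!constantTimeEquals(user.getPassword(), this.userService.hashPassword(str2))) {
            httpServletRequest.setAttribute(AUDIT_ATTRIBUTE, audit.success(false).build());
            return new ResponseEntity<>(ImmutableMap.of("incorrectCurrentPassword", true), HttpStatus.NOT_ACCEPTABLE);
        }
        this.userService.changeUserPassword(str, str3);
        if (str.equals(sessionUsername)) {
            // NOTE(review): stores the clear-text password in the session; presumably consumed by
            // SessionManager / re-authentication elsewhere — confirm before changing this.
            httpSession.setAttribute("password", str3);
        }
        httpSession.removeAttribute(CHANGE_PASSWORD_USER_ATTRIBUTE);
        SessionManager.invalidateSession(str, true);
        httpServletRequest.setAttribute(AUDIT_ATTRIBUTE, audit.success(true).build());
        return new ResponseEntity<>(HttpStatus.OK);
    }

    /**
     * Sets a new password for the user bound to a recovery token ({@code uuid}) and invalidates the
     * token afterwards. Only available when {@link DefinedSystemParameter#PASSWORD_RECOVERY_ENABLED}
     * is on.
     *
     * @param httpServletRequest the request; receives the audit record
     * @param httpSession        the session; the change-password marker is cleared on success
     * @param str                the recovery token previously mailed to the user
     * @param str2               the new password in clear text
     * @return {@code 200 OK} with an empty body on success, or {@code 406} with
     *         {@code {"incorrectUuid": true}} when the token is unknown
     * @throws IllegalArgumentException if recovery is disabled, the token is empty, or the user
     *                                  bound to the token no longer exists
     */
    @RequestMapping(value = {"change/recovery"}, method = {RequestMethod.POST})
    @ResponseBody
    public ResponseEntity<Map<String, Object>> changePasswordByRecovery(HttpServletRequest httpServletRequest, HttpSession httpSession, @RequestParam("uuid") String str, @RequestParam("password") String str2) {
        AuditBuilder audit = AuditBuilder.getInstance().type(AuditTypes.AUDIT_USER_CHANGE_PASSWORD_RECOVERY);
        Assert.isTrue(SystemProperties.getBoolean(DefinedSystemParameter.PASSWORD_RECOVERY_ENABLED),
                "Password recovery is disabled");
        Assert.isTrue(StringUtils.isNotEmpty(str), "Recovery uuid must not be empty");
        Optional<?> recoveryUser = this.passwordRecoveryService.findForUser(str);
        if (!recoveryUser.isPresent()) {
            httpServletRequest.setAttribute(AUDIT_ATTRIBUTE, audit.success(false).build());
            return new ResponseEntity<>(ImmutableMap.of("incorrectUuid", true), HttpStatus.NOT_ACCEPTABLE);
        }
        String username = (String) recoveryUser.get();
        audit.params(ImmutableMap.of("username", username));
        Assert.notNull(this.userService.getUser(username, new String[0]), "User not found: " + username);
        this.userService.changeUserPassword(username, str2);
        httpSession.removeAttribute(CHANGE_PASSWORD_USER_ATTRIBUTE);
        // Single-use token: drop it as soon as the password has been set.
        this.passwordRecoveryService.invalidateForUser(username);
        httpServletRequest.setAttribute(AUDIT_ATTRIBUTE, audit.success(true).build());
        return new ResponseEntity<>(HttpStatus.OK);
    }

    /**
     * Starts password recovery for {@code username}: validates that recovery is enabled, that the user
     * exists, has an e-mail address and that {@code email} matches it, then sends the recovery mail.
     *
     * <p>Each rejection is reported with a distinct body key ({@code passwordRecoveryUnavailable},
     * {@code userNotFound}, {@code notDefinedEmail}, {@code incorrectEmail}) and a {@code 406} status.
     * NOTE(review): these distinct keys let a caller tell a non-existent user from a wrong e-mail
     * address — a user-enumeration concern worth reviewing if this endpoint is unauthenticated.
     *
     * @param httpServletRequest the request; receives the audit record
     * @param httpSession        the session; the change-password marker is set on success
     * @param str                the username to recover
     * @param str2               the e-mail address the caller claims for the user
     * @return {@code 200 OK} on success, {@code 406} with the rejection key otherwise, or
     *         {@code 500} if sending the mail failed
     */
    @RequestMapping(value = {"recovery/request"}, method = {RequestMethod.POST})
    @ResponseBody
    public ResponseEntity<?> requestPasswordRecovery(HttpServletRequest httpServletRequest, HttpSession httpSession, @RequestParam("username") String str, @RequestParam("email") String str2) {
        // Built as a failure up front; only the happy path flips it to success(true).
        AuditBuilder audit = AuditBuilder.getInstance()
                .type(AuditTypes.AUDIT_USER_REQUEST_PASSWORD_RECOVERY)
                .params(ImmutableMap.of("username", str, "useremail", str2))
                .success(false);
        if (!SystemProperties.getBoolean(DefinedSystemParameter.PASSWORD_RECOVERY_ENABLED)) {
            log.warn("Password recovery is not available");
            httpServletRequest.setAttribute(AUDIT_ATTRIBUTE, audit.build());
            return new ResponseEntity<>(ImmutableMap.of("passwordRecoveryUnavailable", true), HttpStatus.NOT_ACCEPTABLE);
        }
        User user = this.userService.getUser(str, new String[0]);
        if (user == null) {
            log.warn("User {} not found", str);
            httpServletRequest.setAttribute(AUDIT_ATTRIBUTE, audit.build());
            return new ResponseEntity<>(ImmutableMap.of("userNotFound", true), HttpStatus.NOT_ACCEPTABLE);
        }
        if (!this.emailSupportService.hasEmailAddress(user)) {
            log.warn("Password recovery for user {} is not available cause of empty email address", str);
            httpServletRequest.setAttribute(AUDIT_ATTRIBUTE, audit.build());
            return new ResponseEntity<>(ImmutableMap.of("notDefinedEmail", true), HttpStatus.NOT_ACCEPTABLE);
        }
        if (!str2.equals(user.getEmail())) {
            log.warn("Email {} doesn't match for user {}", str2, str);
            httpServletRequest.setAttribute(AUDIT_ATTRIBUTE, audit.build());
            return new ResponseEntity<>(ImmutableMap.of("incorrectEmail", true), HttpStatus.NOT_ACCEPTABLE);
        }
        try {
            this.passwordRecoveryService.sendPasswordRecoveryEmail(user);
            httpSession.setAttribute(CHANGE_PASSWORD_USER_ATTRIBUTE, str);
            httpServletRequest.setAttribute(AUDIT_ATTRIBUTE, audit.success(true).build());
            return new ResponseEntity<>(HttpStatus.OK);
        } catch (Exception e) {
            // Fixed message rather than e.getMessage() as the pattern: the latter may be null or contain "{}".
            log.error("Sending password recovery email for user {} failed", str, e);
            httpServletRequest.setAttribute(AUDIT_ATTRIBUTE, audit.build());
            return new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR);
        }
    }

    /**
     * Constant-time equality of two strings compared as UTF-8 bytes; used for password-hash checks.
     * A {@code null} on either side is treated as a mismatch so a missing stored hash fails closed.
     *
     * @param expected the stored value
     * @param actual   the value computed from the request
     * @return {@code true} only if both are non-null and byte-for-byte equal
     */
    private static boolean constantTimeEquals(String expected, String actual) {
        if (expected == null || actual == null) {
            return false;
        }
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8), actual.getBytes(StandardCharsets.UTF_8));
    }
}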
