package pl.edu.icm.yadda.repowebeditor.security;

import com.google.common.base.Objects;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import javax.annotation.Resource;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Component;
import pl.edu.icm.yadda.aas.client.IPredefinedSubstituteUser;
import pl.edu.icm.yadda.aas.client.ISubstitueUser;
import pl.edu.icm.yadda.repowebeditor.exceptions.UserEmailNotFoundException;
import pl.edu.icm.yadda.repowebeditor.exceptions.WrongTokenException;
import pl.edu.icm.yadda.repowebeditor.model.web.user.PasswordResetForm;
import pl.edu.icm.yadda.repowebeditor.security.model.UserWrapper;
import pl.edu.icm.yadda.repowebeditor.services.RepositoryException;
import pl.edu.icm.yadda.repowebeditor.services.senders.MailToken;
import pl.edu.icm.yadda.repowebeditor.services.senders.MailTokenGenerator;
import pl.edu.icm.yadda.repowebeditor.services.senders.Sender;
import pl.edu.icm.yadda.service2.user.UserCatalog;
import pl.edu.icm.yadda.service2.user.credential.Credential;
import pl.edu.icm.yadda.service2.user.credential.LoginPasswordCredential;
import pl.edu.icm.yadda.service2.user.exception.CredentialNotFoundException;
import pl.edu.icm.yadda.service2.user.model.User;
import pl.edu.icm.yadda.service2.user.model.UserData;

@Component
/* loaded from: input_file:pl/edu/icm/yadda/repowebeditor/security/ResetPasswordService.class */
public class ResetPasswordService {
    private static Logger logger = LoggerFactory.getLogger(ResetPasswordService.class);

    @Autowired
    private UserCatalog userCatalog;

    @Resource(name = "repository_domain")
    private String domain;

    @Autowired
    private MailTokenGenerator mailTokenGenerator;

    @Autowired
    @Qualifier("webEditorSender")
    private Sender sender;

    @Autowired
    @Qualifier("webEditorSubstituteUser")
    private IPredefinedSubstituteUser substituteUser;

    /* loaded from: input_file:pl/edu/icm/yadda/repowebeditor/security/ResetPasswordService$CS.class */
    private static class CS {
        public static final String RESET_PASSWORD_TOKEN_FIELD = "resetPasswordToken";

        private CS() {
        }
    }

    public void sendConfirmationMail(PasswordResetForm passwordResetForm, Locale locale) throws UserEmailNotFoundException {
        UserWrapper userWrapper = getUserWrapper(passwordResetForm.getLogin());
        if (userWrapper.notExists() || userWrapper.doesNotHaveEmail(passwordResetForm.getEmail())) {
            throw new UserEmailNotFoundException(passwordResetForm.getEmail());
        }
        MailToken generateToken = this.mailTokenGenerator.generateToken(passwordResetForm);
        userWrapper.addAttr(CS.RESET_PASSWORD_TOKEN_FIELD, generateToken.getDbToken());
        try {
            updateData(userWrapper.getUser());
            this.sender.sendConfirmationMail(generateToken, locale);
        } catch (Exception e) {
            logger.warn("can't update user" + passwordResetForm.getEmail() + " data ", e);
            throw new UserEmailNotFoundException(passwordResetForm.getEmail());
        }
    }

    private UserWrapper getUserWrapper(final String str) {
        try {
            return (UserWrapper) this.substituteUser.su(new ISubstitueUser.Callback<UserWrapper>() { // from class: pl.edu.icm.yadda.repowebeditor.security.ResetPasswordService.1
                /* renamed from: run, reason: merged with bridge method [inline-methods] */
                public UserWrapper m29run() throws Exception {
                    return new UserWrapper(ResetPasswordService.this.userCatalog.loadUser(str, ResetPasswordService.this.domain, new UserData.UserDataParts[]{UserData.UserDataParts.EFFECTIVE_ROLES, UserData.UserDataParts.EFFECTIVE_GROUPS, UserData.UserDataParts.SENSITIVE_DATA}));
                }
            });
        } catch (Exception e) {
            logger.warn("can't load user data for login: " + str, e);
            return null;
        }
    }

    private void updateData(final User user) throws Exception {
        this.substituteUser.su(new ISubstitueUser.Callback<Object>() { // from class: pl.edu.icm.yadda.repowebeditor.security.ResetPasswordService.2
            public Object run() throws Exception {
                ResetPasswordService.this.userCatalog.updateUser(user);
                return null;
            }
        });
    }

    public void validateTokenAndGenerateAndSendNewPassword(String str) throws WrongTokenException, UserEmailNotFoundException, RepositoryException {
        MailToken decodeWebToken = this.mailTokenGenerator.decodeWebToken(str);
        UserWrapper userWrapper = getUserWrapper(decodeWebToken.getLogin());
        if (userWrapper.notExists() || StringUtils.isEmpty(userWrapper.getEmail())) {
            logger.warn("user does not have email (id:'{0}')", userWrapper.getId());
            throw new UserEmailNotFoundException(userWrapper.getEmail());
        }
        String attr = userWrapper.getAttr(CS.RESET_PASSWORD_TOKEN_FIELD);
        if (StringUtils.isEmpty(attr) || !Objects.equal(attr, decodeWebToken.getDbToken())) {
            logger.warn("token didn't match (dbTokenValue: '{0}', dbToken: '{1}') ", attr, decodeWebToken.getDbToken());
            throw new WrongTokenException(str);
        }
        generateAndSendNewPassword(userWrapper, decodeWebToken.getEmail());
    }

    private void generateAndSendNewPassword(UserWrapper userWrapper, String str) throws RepositoryException {
        String generateRandomString = this.mailTokenGenerator.generateRandomString();
        LoginPasswordCredential createLoginPasswordCredential = createLoginPasswordCredential(userWrapper.getId(), generateRandomString);
        try {
            userWrapper.addAttr(CS.RESET_PASSWORD_TOKEN_FIELD, "");
            updateData(userWrapper.getUser());
            deleteCredentials(userWrapper.getLoginPasswordCredentailsDifferThan(addCredential(createLoginPasswordCredential)));
            this.sender.sendEmailWithNewCredentials(str, generateRandomString);
        } catch (Exception e) {
            logger.error("failed add new credential for username: " + userWrapper.getId(), e);
            throw new RepositoryException(e.getMessage());
        }
    }

    private String addCredential(final LoginPasswordCredential loginPasswordCredential) throws Exception {
        return (String) this.substituteUser.su(new ISubstitueUser.Callback<String>() { // from class: pl.edu.icm.yadda.repowebeditor.security.ResetPasswordService.3
            /* renamed from: run, reason: merged with bridge method [inline-methods] */
            public String m30run() throws Exception {
                return ResetPasswordService.this.userCatalog.addCredential(loginPasswordCredential);
            }
        });
    }

    private void deleteCredential(final String str) throws Exception {
        this.substituteUser.su(new ISubstitueUser.Callback<String>() { // from class: pl.edu.icm.yadda.repowebeditor.security.ResetPasswordService.4
            /* renamed from: run, reason: merged with bridge method [inline-methods] */
            public String m31run() throws Exception {
                try {
                    ResetPasswordService.this.userCatalog.deleteCredential(str);
                    return null;
                } catch (CredentialNotFoundException e) {
                    ResetPasswordService.logger.warn("exception deleting credential", e);
                    return null;
                }
            }
        });
    }

    private LoginPasswordCredential createLoginPasswordCredential(String str, String str2) {
        LoginPasswordCredential loginPasswordCredential = new LoginPasswordCredential();
        loginPasswordCredential.setUserId(str);
        loginPasswordCredential.setPassword(str2);
        loginPasswordCredential.setExpireDate(0L);
        loginPasswordCredential.setStatus(Credential.STATUS.ACTIVE);
        return loginPasswordCredential;
    }

    private void deleteCredentials(List<String> list) throws Exception {
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            deleteCredential(it.next());
        }
    }
}
