package org.gluu.oxtrust.action;

import java.io.Serializable;
import java.text.ParseException;
import java.util.Calendar;
import java.util.GregorianCalendar;
import java.util.TimeZone;
import javax.enterprise.context.ConversationScoped;
import javax.faces.application.FacesMessage;
import javax.faces.context.FacesContext;
import javax.inject.Inject;
import javax.inject.Named;
import javax.servlet.http.HttpServletRequest;
import javax.validation.constraints.AssertTrue;
import javax.validation.constraints.Size;
import org.gluu.config.oxtrust.AppConfiguration;
import org.gluu.jsf2.message.FacesMessages;
import org.gluu.jsf2.service.ConversationService;
import org.gluu.oxtrust.ldap.service.JsonConfigurationService;
import org.gluu.oxtrust.ldap.service.OrganizationService;
import org.gluu.oxtrust.ldap.service.OxTrustAuditService;
import org.gluu.oxtrust.ldap.service.PersonService;
import org.gluu.oxtrust.ldap.service.RecaptchaService;
import org.gluu.oxtrust.model.GluuCustomAttribute;
import org.gluu.oxtrust.model.GluuCustomPerson;
import org.gluu.oxtrust.model.PasswordResetRequest;
import org.gluu.oxtrust.security.Identity;
import org.gluu.oxtrust.service.PasswordResetService;
import org.gluu.oxtrust.util.OxTrustConstants;
import org.gluu.persist.PersistenceEntryManager;
import org.gluu.persist.exception.EntryPersistenceException;
import org.gluu.util.StringHelper;
import org.slf4j.Logger;

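/**
 * JSF backing bean for the second half of the self-service password reset flow:
 * validating a reset link ({@link #start()}) and applying the new password
 * ({@link #update()}).
 *
 * <p>The reset GUID acts as a bearer secret. Every check in this class fails
 * closed: a lookup error, an expired request or a missing person entry ends in
 * {@code RESULT_FAILURE} rather than in a partially initialised state.
 *
 * <p>NOTE(review): the bean is {@link Serializable} and keeps the new password,
 * its confirmation and the security answer in plain {@code String} fields for the
 * lifetime of the conversation; confirm how conversation state is stored.
 */
@ConversationScoped
@Named("passwordResetAction")
/* loaded from: input_file:org/gluu/oxtrust/action/PasswordResetAction.class */
public class PasswordResetAction implements Serializable {
    private static final long serialVersionUID = 6457422770824016614L;

    @Inject
    private Logger log;

    @Inject
    private PersistenceEntryManager ldapEntryManager;

    @Inject
    private FacesMessages facesMessages;

    @Inject
    private ConversationService conversationService;

    @Inject
    private RecaptchaService recaptchaService;

    @Inject
    private OrganizationService organizationService;

    @Inject
    private PersonService personService;

    @Inject
    private PasswordResetService passwordResetService;

    @Inject
    private Identity identity;

    @Inject
    private OxTrustAuditService oxTrustAuditService;

    @Inject
    private AppConfiguration appConfiguration;

    @Inject
    private JsonConfigurationService jsonConfigurationService;

    // Reset request resolved by start()/updateImpl(); null when no valid request is loaded.
    private PasswordResetRequest request;
    // GUID taken from the reset link.
    private String guid;
    private String securityQuestion;
    private String securityAnswer;

    // NOTE(review): a 3-character minimum is a very low floor; confirm that a real
    // password policy is enforced elsewhere before relying on this constraint.
    @Size(min = 3, max = 60, message = "Password length must be between {min} and {max} characters.")
    private String password;

    @Size(min = 3, max = 60, message = "Password length must be between {min} and {max} characters.")
    private String confirm;
    // Copy of the GUID that updateImpl() uses to look the request up again.
    private String code;

    /**
     * Validates the reset link identified by {@code guid} and prepares the form.
     *
     * <p>The link is accepted only when a request exists for the GUID, that request
     * is the one {@code findActualPasswordResetRequest} returns for the same person,
     * and it is younger than the configured expiration time. On success the person's
     * {@code secretQuestion}, if any, is exposed through {@link #getSecurityQuestion()}.
     *
     * @return {@code RESULT_SUCCESS} when the link is usable, otherwise {@code RESULT_FAILURE}
     * @throws ParseException kept in the signature for existing callers; nothing in this
     *         method throws it
     */
    public String start() throws ParseException {
        if (StringHelper.isEmpty(this.guid)) {
            sendExpirationError();
            return OxTrustConstants.RESULT_FAILURE;
        }
        setCode(this.guid);
        try {
            PasswordResetRequest byGuid = this.passwordResetService.findPasswordResetRequest(getGuid());
            if (byGuid == null) {
                sendExpirationError();
                return OxTrustConstants.RESULT_FAILURE;
            }
            // Only the request returned as "actual" for the person may be used;
            // a GUID that resolves to any other request is treated as expired.
            PasswordResetRequest current = this.passwordResetService.findActualPasswordResetRequest(byGuid.getPersonInum());
            if (current == null || !StringHelper.equalsIgnoreCase(this.guid, current.getOxGuid())) {
                sendExpirationError();
                return OxTrustConstants.RESULT_FAILURE;
            }
            this.request = current;
            GluuCustomPerson person = this.personService.getPersonByInum(current.getPersonInum());
            if (!isWithinConfiguredLifetime(current)) {
                this.facesMessages.add(FacesMessage.SEVERITY_ERROR, "Your link is not valid or your user is not allowed to perform a password reset. If you want to initiate a reset password procedure please fill this form.");
                this.conversationService.endConversation();
                return OxTrustConstants.RESULT_FAILURE;
            }
            GluuCustomAttribute question = person == null ? null : person.getGluuCustomAttribute("secretQuestion");
            if (question != null) {
                this.securityQuestion = question.getValue();
            }
            return OxTrustConstants.RESULT_SUCCESS;
        } catch (EntryPersistenceException e) {
            // The GUID is request-supplied and is itself the reset secret, so it is
            // deliberately kept out of the log line.
            this.log.error("Failed to find password reset request", e);
            sendExpirationError();
            return OxTrustConstants.RESULT_FAILURE;
        }
    }

    /** Reports an unusable reset link to the user and ends the conversation. */
    protected void sendExpirationError() {
        this.facesMessages.add(FacesMessage.SEVERITY_ERROR, "The reset link is no longer valid.\n\n Re-enter your e-mail to generate a new link.");
        this.conversationService.endConversation();
    }

    /**
     * Runs {@link #updateImpl()} and turns its outcome into a user-facing message.
     * The failure message is intentionally generic and does not say which check failed.
     *
     * @return the outcome string produced by {@link #updateImpl()}
     */
    public String update() {
        String outcome = updateImpl();
        if (OxTrustConstants.RESULT_SUCCESS.equals(outcome)) {
            this.facesMessages.add(FacesMessage.SEVERITY_INFO, "Password reset successful.");
            this.conversationService.endConversation();
        } else if (OxTrustConstants.RESULT_FAILURE.equals(outcome)) {
            this.facesMessages.add(FacesMessage.SEVERITY_ERROR, "Your secret answer or Captcha code may have been wrong. Please try to correct it or contact your administrator to change your password.");
            this.conversationService.endConversation();
        }
        return outcome;
    }

    /**
     * Re-validates the reset request and, when every check passes, stores the new password.
     *
     * <p>Order of checks: reCAPTCHA (when enabled), presence of code and password, request
     * lookup, expiry, existence of the person entry. The request entry is then removed, so
     * it cannot be used again, before the security answer is compared; a wrong answer
     * therefore also invalidates the link.
     *
     * <p>NOTE(review): unlike {@link #start()}, this method does not re-check that the
     * request is the one {@code findActualPasswordResetRequest} returns for the person;
     * confirm whether {@code code} can reach this method without going through {@code start()}.
     *
     * <p>NOTE(review): {@code password} is not compared with {@code confirm} here; that
     * relies on {@link #isPasswordsEquals()} being evaluated by bean validation.
     *
     * @return {@code RESULT_SUCCESS} when the password was updated, otherwise {@code RESULT_FAILURE}
     */
    public String updateImpl() {
        boolean captchaPassed = true;
        if (this.recaptchaService.isEnabled() && getAuthenticationRecaptchaEnabled()) {
            captchaPassed = this.recaptchaService.verifyRecaptchaResponse();
        }
        if (!captchaPassed) {
            this.facesMessages.add(FacesMessage.SEVERITY_ERROR, this.facesMessages.evalResourceAsString("#{msg['person.passwordreset.catch.checkInputAndCaptcha']}"));
            return OxTrustConstants.RESULT_FAILURE;
        }
        // @Size accepts null, so an absent password has to be rejected explicitly;
        // this happens before the request entry is consumed.
        if (StringHelper.isEmpty(getCode()) || StringHelper.isEmpty(this.password)) {
            return OxTrustConstants.RESULT_FAILURE;
        }

        PasswordResetRequest resetRequest = null;
        try {
            // The code comes from the request, so it is escaped as an RDN value before it is
            // placed in the DN; DN metacharacters cannot redirect the lookup to another entry.
            String requestDn = "oxGuid=" + javax.naming.ldap.Rdn.escapeValue(getCode()) + ",ou=resetPasswordRequests," + this.organizationService.getOrganization().getDn();
            resetRequest = (PasswordResetRequest) this.ldapEntryManager.find(PasswordResetRequest.class, requestDn);
        } catch (Exception e) {
            this.log.info("Password reset request lookup failed", e);
        }
        // A failed lookup clears any request left over from start() instead of reusing it.
        this.request = resetRequest;
        if (resetRequest == null) {
            return OxTrustConstants.RESULT_FAILURE;
        }

        // Fixed two-hour ceiling, plus the configured lifetime that start() enforces,
        // so a link that start() would reject cannot still be redeemed here.
        Calendar hardExpiry = Calendar.getInstance();
        hardExpiry.setTime(resetRequest.getCreationDate());
        hardExpiry.add(Calendar.HOUR, 2);
        if (!hardExpiry.after(Calendar.getInstance()) || !isWithinConfiguredLifetime(resetRequest)) {
            return OxTrustConstants.RESULT_FAILURE;
        }

        GluuCustomPerson person = this.personService.getPersonByInum(resetRequest.getPersonInum());
        if (person == null) {
            return OxTrustConstants.RESULT_FAILURE;
        }
        GluuCustomAttribute question = person.getGluuCustomAttribute("secretQuestion");
        GluuCustomAttribute answer = person.getGluuCustomAttribute("secretAnswer");

        // Consume the request entry before anything else so the link is single-use.
        PasswordResetRequest consumed = new PasswordResetRequest();
        consumed.setBaseDn(resetRequest.getBaseDn());
        this.ldapEntryManager.remove(consumed);
        try {
            this.oxTrustAuditService.audit("PASSWORD RESET REQUEST" + consumed.getBaseDn() + " REMOVED", this.identity.getUser(), (HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest());
        } catch (Exception e) {
            // Auditing is best-effort and must not block the reset, but a failure is recorded.
            this.log.warn("Failed to write audit record for removed password reset request", e);
        }

        if (question != null && answer != null) {
            // NOTE(review): the submitted answer is compared verbatim with the stored
            // attribute value, which suggests the answer is stored unhashed; confirm.
            if (this.securityAnswer == null || !this.securityAnswer.equals(answer.getValue())) {
                return OxTrustConstants.RESULT_FAILURE;
            }
        }
        return applyNewPassword(person);
    }

    /** Returns true when the request was created within the configured expiration time (seconds). */
    private boolean isWithinConfiguredLifetime(PasswordResetRequest resetRequest) {
        Calendar created = new GregorianCalendar(TimeZone.getTimeZone("UTC"));
        created.setTime(resetRequest.getCreationDate());
        Calendar oldestAccepted = new GregorianCalendar(TimeZone.getTimeZone("UTC"));
        oldestAccepted.add(Calendar.SECOND, -this.appConfiguration.getPasswordResetRequestExpirationTime());
        return created.after(oldestAccepted);
    }

    /** Sets the submitted password on the person entry and persists it, mapping errors to an outcome. */
    private String applyNewPassword(GluuCustomPerson person) {
        person.setUserPassword(this.password);
        try {
            this.personService.updatePerson(person);
            return OxTrustConstants.RESULT_SUCCESS;
        } catch (DuplicateEmailException e) {
            this.facesMessages.add(FacesMessage.SEVERITY_ERROR, e.getMessage());
            return OxTrustConstants.RESULT_FAILURE;
        } catch (Exception e) {
            this.log.error("Failed to update password after reset", e);
            this.facesMessages.add(FacesMessage.SEVERITY_ERROR, "Error while processing the request");
            return OxTrustConstants.RESULT_FAILURE;
        }
    }

    /** Navigation outcome for the cancel button; performs no work. */
    public String cancel() {
        return OxTrustConstants.RESULT_SUCCESS;
    }

    /** Navigation outcome only; the security answer is verified in {@link #updateImpl()}. */
    public String checkAnswer() {
        return OxTrustConstants.RESULT_SUCCESS;
    }

    /**
     * Bean-validation check that the password and its confirmation match.
     * A missing password counts as a mismatch instead of raising a NullPointerException.
     */
    @AssertTrue(message = "Different passwords entered!")
    public boolean isPasswordsEquals() {
        return this.password != null && this.password.equals(this.confirm);
    }

    /** @return the reset request most recently resolved, or {@code null} */
    public PasswordResetRequest getRequest() {
        return this.request;
    }

    /** @return the GUID taken from the reset link */
    public String getGuid() {
        return this.guid;
    }

    public void setGuid(String str) {
        this.guid = str;
    }

    /** @return the person's security question, when one was found by {@link #start()} */
    public String getSecurityQuestion() {
        return this.securityQuestion;
    }

    public void setSecurityQuestion(String str) {
        this.securityQuestion = str;
    }

    public String getSecurityAnswer() {
        return this.securityAnswer;
    }

    public void setSecurityAnswer(String str) {
        this.securityAnswer = str;
    }

    public String getPassword() {
        return this.password;
    }

    public void setPassword(String str) {
        this.password = str;
    }

    public String getConfirm() {
        return this.confirm;
    }

    public void setConfirm(String str) {
        this.confirm = str;
    }

    /** @return whether the oxTrust configuration enables reCAPTCHA on authentication forms */
    public boolean getAuthenticationRecaptchaEnabled() {
        return this.jsonConfigurationService.getOxTrustappConfiguration().isAuthenticationRecaptchaEnabled();
    }

    /** @return the code used by {@link #updateImpl()} to look the request up */
    public String getCode() {
        return this.code;
    }

    public void setCode(String str) {
        this.code = str;
    }
}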
