package org.gluu.oxtrust.action;

import java.io.Serializable;
import java.text.ParseException;
import java.util.Calendar;
import java.util.GregorianCalendar;
import java.util.TimeZone;
import javax.enterprise.context.ConversationScoped;
import javax.faces.application.FacesMessage;
import javax.faces.context.FacesContext;
import javax.inject.Inject;
import javax.inject.Named;
import javax.validation.constraints.AssertTrue;
import javax.validation.constraints.Size;
import org.gluu.config.oxtrust.AppConfiguration;
import org.gluu.jsf2.message.FacesMessages;
import org.gluu.jsf2.service.ConversationService;
import org.gluu.oxtrust.exception.DuplicateEmailException;
import org.gluu.oxtrust.model.GluuCustomAttribute;
import org.gluu.oxtrust.model.GluuCustomPerson;
import org.gluu.oxtrust.model.PasswordResetRequest;
import org.gluu.oxtrust.service.JsonConfigurationService;
import org.gluu.oxtrust.service.OrganizationService;
import org.gluu.oxtrust.service.PasswordResetService;
import org.gluu.oxtrust.service.PersonService;
import org.gluu.oxtrust.service.RecaptchaService;
import org.gluu.persist.PersistenceEntryManager;
import org.gluu.persist.exception.EntryPersistenceException;
import org.gluu.util.StringHelper;
import org.slf4j.Logger;

@ConversationScoped
@Named("passwordResetAction")
/* loaded from: input_file:org/gluu/oxtrust/action/PasswordResetAction.class */
public class PasswordResetAction implements Serializable {
    private static final long serialVersionUID = 6457422770824016614L;

    @Inject
    private Logger log;

    @Inject
    private PersistenceEntryManager ldapEntryManager;

    @Inject
    private FacesMessages facesMessages;

    @Inject
    private ConversationService conversationService;

    @Inject
    private RecaptchaService recaptchaService;

    @Inject
    private OrganizationService organizationService;

    @Inject
    private PersonService personService;

    @Inject
    private PasswordResetService passwordResetService;

    @Inject
    private AppConfiguration appConfiguration;

    @Inject
    private JsonConfigurationService jsonConfigurationService;
    private PasswordResetRequest request;

    @Size(min = 3, max = 60, message = "Password length must be between {min} and {max} characters.")
    private String password;

    @Size(min = 3, max = 60, message = "Password length must be between {min} and {max} characters.")
    private String confirm;
    private String code;
    private String guid;
    private String securityQuestion;
    private GluuCustomAttribute answer;
    private String securityAnswer;
    private String response;
    private String SECRET_QUESTION = "secretQuestion";
    private String SECRET_ANSWER = "secretAnswer";
    private boolean hasSecurityQuestion = false;

    public String start() throws ParseException {
        PasswordResetRequest passwordResetRequest;
        if (StringHelper.isEmpty(this.guid)) {
            sendExpirationError();
            this.conversationService.endConversation();
            return "failure";
        }
        setCode(this.guid);
        try {
            passwordResetRequest = this.passwordResetService.findPasswordResetRequest(getGuid());
        } catch (EntryPersistenceException e) {
            this.log.error("Failed to find password reset request by '{}'", this.guid, e);
            passwordResetRequest = null;
        }
        if (passwordResetRequest == null) {
            sendExpirationError();
            this.conversationService.endConversation();
            return "failure";
        }
        PasswordResetRequest findActualPasswordResetRequest = this.passwordResetService.findActualPasswordResetRequest(passwordResetRequest.getPersonInum());
        if (findActualPasswordResetRequest == null) {
            sendExpirationError();
            this.conversationService.endConversation();
            return "failure";
        }
        if (!StringHelper.equalsIgnoreCase(this.guid, findActualPasswordResetRequest.getOxGuid())) {
            sendExpirationError();
            this.conversationService.endConversation();
            return "failure";
        }
        this.request = findActualPasswordResetRequest;
        GregorianCalendar gregorianCalendar = new GregorianCalendar(TimeZone.getTimeZone("UTC"));
        GregorianCalendar gregorianCalendar2 = new GregorianCalendar(TimeZone.getTimeZone("UTC"));
        gregorianCalendar.setTime(this.request.getCreationDate());
        gregorianCalendar2.add(13, -this.appConfiguration.getPasswordResetRequestExpirationTime());
        if (gregorianCalendar.after(gregorianCalendar2)) {
            return checkSecurityQuetion();
        }
        this.facesMessages.add(FacesMessage.SEVERITY_ERROR, "Your link is not valid or your user is not allowed to perform a password reset. If you want to initiate a reset password procedure please fill this form.");
        this.conversationService.endConversation();
        return "failure";
    }

    private String checkSecurityQuetion() {
        GluuCustomPerson personByInum = this.personService.getPersonByInum(this.request.getPersonInum());
        if (personByInum == null) {
            this.conversationService.endConversation();
            return "failure";
        }
        GluuCustomAttribute gluuCustomAttribute = personByInum.getGluuCustomAttribute(this.SECRET_QUESTION);
        setAnswer(personByInum.getGluuCustomAttribute(this.SECRET_ANSWER));
        if (gluuCustomAttribute == null || gluuCustomAttribute.getValue() == null || gluuCustomAttribute.getValue().isEmpty()) {
            return "success";
        }
        this.securityQuestion = gluuCustomAttribute.getValue();
        this.hasSecurityQuestion = true;
        hasSecurityQuestion(true);
        return "success";
    }

    protected void sendExpirationError() {
        this.facesMessages.add(FacesMessage.SEVERITY_ERROR, "The reset link is no longer valid.\n\n Re-enter your e-mail to generate a new link.");
        this.conversationService.endConversation();
    }

    public void update() {
        if ("success".equals(updateImpl())) {
            this.facesMessages.add(FacesMessage.SEVERITY_INFO, "Password reset successful.");
        }
        redirect();
        this.conversationService.endConversation();
    }

    public String updateImpl() {
        boolean z = true;
        if (captchaEnable()) {
            z = this.recaptchaService.verifyRecaptchaResponse();
        }
        if (this.password == null || this.confirm == null) {
            this.facesMessages.add(FacesMessage.SEVERITY_ERROR, "Incorrect data send.");
            return "failure";
        }
        if (!this.password.equalsIgnoreCase(this.confirm)) {
            this.facesMessages.add(FacesMessage.SEVERITY_ERROR, "Password mismatch.");
            return "failure";
        }
        if (!z) {
            this.facesMessages.add(FacesMessage.SEVERITY_ERROR, this.facesMessages.evalResourceAsString("#{msgs['person.passwordreset.catch.checkInputAndCaptcha']}"));
            return "failure";
        }
        try {
            this.request = (PasswordResetRequest) this.ldapEntryManager.find(PasswordResetRequest.class, "oxGuid=" + getCode() + ",ou=resetPasswordRequests," + this.organizationService.getOrganization().getDn());
            checkSecurityQuetion();
            Calendar calendar = Calendar.getInstance();
            Calendar calendar2 = Calendar.getInstance();
            if (this.request != null) {
                calendar.setTime(this.request.getCreationDate());
                calendar.add(10, 2);
            }
            GluuCustomPerson personByInum = this.personService.getPersonByInum(this.request.getPersonInum());
            if (this.securityAnswer == null) {
                this.securityAnswer = getResponse();
            }
            if (!calendar.after(calendar2)) {
                return "failure";
            }
            PasswordResetRequest passwordResetRequest = new PasswordResetRequest();
            passwordResetRequest.setBaseDn(this.request.getBaseDn());
            if (this.securityQuestion == null || this.answer == null) {
                personByInum.setUserPassword(this.password);
                try {
                    this.personService.updatePerson(personByInum);
                    this.ldapEntryManager.remove(passwordResetRequest);
                    return "success";
                } catch (Exception e) {
                    this.facesMessages.add(FacesMessage.SEVERITY_ERROR, "Error while processing the request");
                    return "failure";
                } catch (DuplicateEmailException e2) {
                    this.facesMessages.add(FacesMessage.SEVERITY_ERROR, e2.getMessage());
                    return "failure";
                }
            }
            if (!Boolean.valueOf(this.securityAnswer != null && this.securityAnswer.equalsIgnoreCase(this.answer.getValue())).booleanValue()) {
                this.facesMessages.add(FacesMessage.SEVERITY_ERROR, "The provided security answer is not correct. Please try again from the link!");
                return "failure";
            }
            personByInum.setUserPassword(this.password);
            try {
                this.personService.updatePerson(personByInum);
                this.ldapEntryManager.remove(passwordResetRequest);
                return "success";
            } catch (Exception e3) {
                this.facesMessages.add(FacesMessage.SEVERITY_ERROR, "Error while processing the request");
                this.log.error("", e3);
                return "failure";
            } catch (DuplicateEmailException e4) {
                this.facesMessages.add(FacesMessage.SEVERITY_ERROR, e4.getMessage());
                this.log.error("", e4);
                return "failure";
            }
        } catch (Exception e5) {
            this.log.error("=================", e5);
            return "failure";
        }
    }

    public boolean captchaEnable() {
        return this.recaptchaService.isEnabled() && getAuthenticationRecaptchaEnabled();
    }

    public String cancel() {
        this.conversationService.endConversation();
        return "success";
    }

    public void redirect() {
        try {
            FacesContext.getCurrentInstance().getExternalContext().redirect("/identity/passwordResetResult.htm");
        } catch (Exception e) {
            this.log.warn("Error redirecting to password reset result page");
        }
    }

    public String checkAnswer() {
        return "success";
    }

    @AssertTrue(message = "Different passwords entered!")
    public boolean isPasswordsEquals() {
        return this.password.equals(this.confirm);
    }

    public PasswordResetRequest getRequest() {
        return this.request;
    }

    public String getGuid() {
        return this.guid;
    }

    public void setGuid(String str) {
        this.guid = str;
    }

    public String getSecurityQuestion() {
        return this.securityQuestion;
    }

    public void setSecurityQuestion(String str) {
        this.securityQuestion = str;
    }

    public String getSecurityAnswer() {
        return this.securityAnswer;
    }

    public void setSecurityAnswer(String str) {
        this.securityAnswer = str;
    }

    public String getPassword() {
        return this.password;
    }

    public void setPassword(String str) {
        this.password = str;
    }

    public String getConfirm() {
        return this.confirm;
    }

    public void setConfirm(String str) {
        this.confirm = str;
    }

    public boolean getAuthenticationRecaptchaEnabled() {
        return this.jsonConfigurationService.getOxTrustappConfiguration().isAuthenticationRecaptchaEnabled();
    }

    public String getCode() {
        return this.code;
    }

    public void setCode(String str) {
        this.code = str;
    }

    public GluuCustomAttribute getAnswer() {
        return this.answer;
    }

    public void setAnswer(GluuCustomAttribute gluuCustomAttribute) {
        this.answer = gluuCustomAttribute;
    }

    public boolean hasSecurityQuestion() {
        return this.hasSecurityQuestion;
    }

    public void hasSecurityQuestion(boolean z) {
        this.hasSecurityQuestion = z;
    }

    public String getResponse() {
        return this.response;
    }

    public void setResponse(String str) {
        this.response = str;
    }
}
