package org.georchestra.console.ws.passwordrecovery;

import java.io.IOException;
import java.util.UUID;
import javax.mail.MessagingException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.georchestra.console.bs.ReCaptchaParameters;
import org.georchestra.console.ds.UserTokenDao;
import org.georchestra.console.mailservice.EmailFactory;
import org.georchestra.console.model.AdminLogType;
import org.georchestra.console.ws.utils.LogUtils;
import org.georchestra.console.ws.utils.RecaptchaUtils;
import org.georchestra.ds.DataServiceException;
import org.georchestra.ds.roles.RoleDao;
import org.georchestra.ds.users.Account;
import org.georchestra.ds.users.AccountDao;
import org.georchestra.ds.users.PasswordType;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.ldap.NameNotFoundException;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.validation.BindingResult;
import org.springframework.web.bind.WebDataBinder;
import org.springframework.web.bind.annotation.InitBinder;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.SessionAttributes;
import org.springframework.web.bind.support.SessionStatus;
import org.springframework.web.util.UriComponentsBuilder;

@SessionAttributes(types = {PasswordRecoveryFormBean.class})
@Controller
/* loaded from: input_file:WEB-INF/classes/org/georchestra/console/ws/passwordrecovery/PasswordRecoveryFormController.class */
public class PasswordRecoveryFormController {
    protected static final Log LOG = LogFactory.getLog(PasswordRecoveryFormController.class.getName());
    private final AccountDao accountDao;
    private final RoleDao roleDao;
    private EmailFactory emailFactory;
    private final UserTokenDao userTokenDao;
    private final ReCaptchaParameters reCaptchaParameters;

    @Autowired
    private boolean reCaptchaActivated;

    @Autowired
    protected LogUtils logUtils;

    @Value("${publicContextPath:/console}")
    private String publicContextPath;

    @Value("https://${domainName}")
    private String publicUrl;

    @Autowired
    public PasswordRecoveryFormController(AccountDao accountDao, RoleDao roleDao, EmailFactory emailFactory, UserTokenDao userTokenDao, ReCaptchaParameters reCaptchaParameters) {
        this.accountDao = accountDao;
        this.roleDao = roleDao;
        this.emailFactory = emailFactory;
        this.userTokenDao = userTokenDao;
        this.reCaptchaParameters = reCaptchaParameters;
    }

    @InitBinder
    public void initForm(WebDataBinder webDataBinder) {
        webDataBinder.setAllowedFields("email", "recaptcha_response_field");
    }

    @RequestMapping(value = {"/account/passwordRecovery"}, method = {RequestMethod.GET})
    public String setupForm(HttpServletRequest httpServletRequest, @RequestParam(value = "email", required = false) String str, Model model) throws DataServiceException {
        if (str != null && getPasswordType(str) == PasswordType.SASL) {
            return "userManagedBySASL";
        }
        HttpSession session = httpServletRequest.getSession();
        if ("bad.token".equals((String) session.getAttribute("errmsg"))) {
            session.removeAttribute("errmsg");
            model.addAttribute("badtoken", true);
        }
        PasswordRecoveryFormBean passwordRecoveryFormBean = new PasswordRecoveryFormBean();
        passwordRecoveryFormBean.setEmail(str);
        model.addAttribute(passwordRecoveryFormBean);
        model.addAttribute("recaptchaActivated", Boolean.valueOf(this.reCaptchaActivated));
        session.setAttribute("reCaptchaPublicKey", this.reCaptchaParameters.getPublicKey());
        return "passwordRecoveryForm";
    }

    @RequestMapping(value = {"/account/passwordRecovery"}, method = {RequestMethod.POST})
    public String generateToken(HttpServletRequest httpServletRequest, @ModelAttribute PasswordRecoveryFormBean passwordRecoveryFormBean, BindingResult bindingResult, SessionStatus sessionStatus) throws IOException {
        if (this.reCaptchaActivated) {
            RecaptchaUtils.validate(this.reCaptchaParameters, passwordRecoveryFormBean.getRecaptcha_response_field(), bindingResult);
        }
        if (bindingResult.hasErrors()) {
            return "passwordRecoveryForm";
        }
        try {
            Account findByEmail = this.accountDao.findByEmail(passwordRecoveryFormBean.getEmail());
            if (findByEmail.isPending()) {
                throw new NameNotFoundException("User is pending");
            }
            String uuid = UUID.randomUUID().toString();
            if (this.userTokenDao.exist(findByEmail.getUid())) {
                this.userTokenDao.delete(findByEmail.getUid());
            }
            this.userTokenDao.insertToken(findByEmail.getUid(), uuid);
            String makeChangePasswordURL = makeChangePasswordURL(this.publicUrl, this.publicContextPath, uuid);
            this.emailFactory.sendChangePasswordEmail(httpServletRequest.getSession().getServletContext(), findByEmail.getEmail(), findByEmail.getCommonName(), findByEmail.getUid(), makeChangePasswordURL);
            sessionStatus.setComplete();
            this.logUtils.createLog(findByEmail.getUid(), AdminLogType.EMAIL_RECOVERY_SENT, "");
            return "emailWasSent";
        } catch (MessagingException | DataServiceException e) {
            throw new IOException(e);
        } catch (NameNotFoundException e2) {
            return "emailWasSent";
        }
    }

    protected String makeChangePasswordURL(String str, String str2, String str3) {
        String uriString = UriComponentsBuilder.fromHttpUrl(str).path(str2).path("/account/newPassword").query("token={token}").buildAndExpand(str3).toUriString();
        if (LOG.isDebugEnabled()) {
            LOG.debug("generated url:" + uriString);
        }
        return uriString;
    }

    @ModelAttribute("passwordRecoveryFormBean")
    public PasswordRecoveryFormBean getPasswordRecoveryFormBean() {
        return new PasswordRecoveryFormBean();
    }

    public void setEmailFactory(EmailFactory emailFactory) {
        this.emailFactory = emailFactory;
    }

    public void setPublicUrl(String str) {
        this.publicUrl = str;
    }

    public void setPublicContextPath(String str) {
        this.publicContextPath = str;
    }

    private PasswordType getPasswordType(String str) throws DataServiceException {
        return this.accountDao.findByEmail(str).getPasswordType();
    }
}
