package org.georchestra.console.ws.changepassword;

import java.util.Objects;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.georchestra.commons.security.SecurityHeaders;
import org.georchestra.console.model.AdminLogType;
import org.georchestra.console.ws.utils.LogUtils;
import org.georchestra.console.ws.utils.PasswordUtils;
import org.georchestra.ds.DataServiceException;
import org.georchestra.ds.users.AccountDao;
import org.georchestra.ds.users.PasswordType;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.validation.BindingResult;
import org.springframework.web.bind.WebDataBinder;
import org.springframework.web.bind.annotation.InitBinder;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.SessionAttributes;

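/**
 * Spring MVC controller behind {@code /account/changePassword}: shows the change-password form
 * (GET) and applies the new password for the currently authenticated user (POST).
 *
 * <p>The account whose password is changed is always the one taken from the Spring Security
 * context, never a value supplied by the request; {@link #initForm(WebDataBinder)} additionally
 * restricts data binding to the two password fields.
 *
 * <p>NOTE(review): {@code @SessionAttributes} keeps the {@link ChangePasswordFormBean}, and with
 * it the submitted password fields, in the HTTP session. Nothing in this class releases it
 * (for instance through a {@code SessionStatus}); confirm the bean is cleared elsewhere or that
 * keeping it for the session lifetime is acceptable.
 *
 * <p>NOTE(review): the form binds only the new password and its confirmation, so an
 * authenticated session is sufficient to change the password. CSRF protection is not visible in
 * this class; confirm it is enforced by the surrounding security configuration.
 */
@SessionAttributes(types = {ChangePasswordFormBean.class})
@Controller
public class ChangePasswordFormController {
    private final AccountDao accountDao;

    @Autowired
    protected PasswordUtils passwordUtils;

    @Autowired
    protected LogUtils logUtils;

    /**
     * Creates the controller.
     *
     * @param accountDao data access object used to look up the account and store the new password
     */
    @Autowired
    public ChangePasswordFormController(AccountDao accountDao) {
        this.accountDao = accountDao;
    }

    /**
     * Limits request-parameter binding to {@code password} and {@code confirmPassword}, so no
     * other property of the form bean can be set from the request.
     *
     * @param webDataBinder binder configured for this controller's form bean
     */
    @InitBinder
    public void initForm(WebDataBinder webDataBinder) {
        webDataBinder.setAllowedFields("password", "confirmPassword");
    }

    /**
     * Prepares the change-password form for the authenticated user.
     *
     * @param httpServletRequest request, read for the external-authentication header
     * @param httpServletResponse response (unused)
     * @param model model populated with an empty form bean and the password utilities
     * @return {@code "forbidden"} when no user can be resolved, {@code "userManagedBySASL"} when
     *     the password is not managed here (SASL account or externally authenticated session),
     *     otherwise {@code "changePasswordForm"}
     * @throws DataServiceException if the account lookup fails
     */
    @RequestMapping(value = {"/account/changePassword"}, method = {RequestMethod.GET})
    public String setupForm(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Model model) throws DataServiceException {
        Optional<String> username = getUsername();
        if (!username.isPresent()) {
            return "forbidden";
        }
        // Read the header before the directory lookup, as the original code did.
        boolean externallyAuthenticated = isExternallyAuthenticated(httpServletRequest);
        if (isUserAuthenticatedBySASL(username.get()) || externallyAuthenticated) {
            return "userManagedBySASL";
        }
        model.addAttribute(new ChangePasswordFormBean());
        model.addAttribute("pwdUtils", this.passwordUtils);
        return "changePasswordForm";
    }

    /**
     * Validates the submitted passwords and, when valid, stores the new password for the
     * authenticated user and records an audit entry.
     *
     * @param model model that receives the password utilities and the {@code success} flag
     * @param changePasswordFormBean form bean carrying the new password and its confirmation
     * @param bindingResult collects validation errors reported by the password utilities
     * @return {@code "forbidden"} when no user can be resolved, {@code "userManagedBySASL"} for a
     *     SASL account, otherwise {@code "changePasswordForm"} (with or without errors)
     * @throws DataServiceException if the account lookup or the password update fails
     */
    @RequestMapping(value = {"/account/changePassword"}, method = {RequestMethod.POST})
    public String changePassword(Model model, @ModelAttribute ChangePasswordFormBean changePasswordFormBean, BindingResult bindingResult) throws DataServiceException {
        Optional<String> username = getUsername();
        if (!username.isPresent()) {
            return "forbidden";
        }
        String uid = username.get();
        // NOTE(review): setupForm also refuses externally authenticated sessions
        // (SecurityHeaders.SEC_EXTERNAL_AUTHENTICATION); this handler has no access to the
        // request and only checks for SASL, so a direct POST is not covered by that rule.
        // Confirm whether the same check is intended here.
        if (isUserAuthenticatedBySASL(uid)) {
            return "userManagedBySASL";
        }
        this.passwordUtils.validate(changePasswordFormBean.getPassword(), changePasswordFormBean.getConfirmPassword(), bindingResult);
        model.addAttribute("pwdUtils", this.passwordUtils);
        if (bindingResult.hasErrors()) {
            return "changePasswordForm";
        }
        this.accountDao.changePassword(uid, changePasswordFormBean.getPassword());
        model.addAttribute("success", true);
        // The audit entry names the account and the event type only; the password is not passed.
        this.logUtils.createLog(uid, AdminLogType.USER_PASSWORD_CHANGED, null);
        return "changePasswordForm";
    }

    /**
     * Supplies a fresh form bean under the model name {@code changePasswordFormBean}.
     *
     * @return a new, empty form bean
     */
    @ModelAttribute("changePasswordFormBean")
    public ChangePasswordFormBean getChangePasswordFormBean() {
        return new ChangePasswordFormBean();
    }

    /**
     * Resolves the name of the authenticated user from the Spring Security context.
     *
     * <p>Returns an empty result when there is no authentication, no principal, or a principal
     * that is not a {@link User}. The previous implementation relied on catching
     * {@code NullPointerException} and let a non-{@code User} principal escape as a
     * {@code ClassCastException}; both handlers now answer {@code "forbidden"} in that case.
     *
     * @return the user name, or empty when no {@link User} principal is available
     */
    private Optional<String> getUsername() {
        return Optional.ofNullable(SecurityContextHolder.getContext())
                .map(context -> context.getAuthentication())
                .map(authentication -> authentication.getPrincipal())
                .filter(principal -> principal instanceof User)
                .map(principal -> ((User) principal).getUsername());
    }

    /**
     * Tells whether the authenticated user has the given name. Not called anywhere in this class.
     *
     * @param str user name to compare with the authenticated user
     * @return {@code true} only when a user is authenticated and the names are equal
     */
    private boolean checkPermission(String str) {
        return getUsername().filter(current -> current.equals(str)).isPresent();
    }

    /**
     * Tells whether the account's password type is {@link PasswordType#SASL}.
     *
     * @param str uid of the account to look up
     * @return {@code true} when the stored password type is SASL
     * @throws DataServiceException if the account lookup fails
     */
    private boolean isUserAuthenticatedBySASL(String str) throws DataServiceException {
        return this.accountDao.findByUID(str).getPasswordType() == PasswordType.SASL;
    }

    /**
     * Reads the external-authentication request header and interprets its decoded value as a
     * boolean.
     *
     * <p>NOTE(review): the value is taken from the request as is; this presumably relies on the
     * fronting proxy being the only party able to set the header. Confirm against deployment.
     *
     * @param request current request
     * @return {@code true} when the header is present and decodes to {@code "true"}
     */
    private static boolean isExternallyAuthenticated(HttpServletRequest request) {
        String header = request.getHeader(SecurityHeaders.SEC_EXTERNAL_AUTHENTICATION);
        return header != null && Boolean.parseBoolean(SecurityHeaders.decode(header));
    }
}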
