package com.atlassian.servicedesk.internal.feature.customer.user;

import com.atlassian.annotations.nonnull.ReturnValuesAreNonnullByDefault;
import com.atlassian.jira.config.properties.ApplicationProperties;
import com.atlassian.jira.user.ApplicationUser;
import com.atlassian.jira.user.util.UserManager;
import com.atlassian.jira.user.util.UserUtil;
import com.atlassian.pocketknife.api.commons.error.AnError;
import com.atlassian.pocketknife.api.commons.jira.ErrorResultHelper;
import com.atlassian.pocketknife.step.Steps;
import com.atlassian.servicedesk.JSDSuccess;
import com.atlassian.servicedesk.api.portal.Portal;
import com.atlassian.servicedesk.api.user.CheckedUser;
import com.atlassian.servicedesk.internal.feature.customer.user.invite.SetPasswordManager;
import com.atlassian.servicedesk.internal.notifications.CustomerConversationalNotificationManager;
import io.atlassian.fugue.Either;
import io.atlassian.fugue.Option;
import javax.annotation.ParametersAreNonnullByDefault;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@ParametersAreNonnullByDefault
@Component
@ReturnValuesAreNonnullByDefault
/* loaded from: input_file:com/atlassian/servicedesk/internal/feature/customer/user/ResetPasswordService.class */
public class ResetPasswordService {
    private static final Logger LOG = LoggerFactory.getLogger(ResetPasswordService.class);
    private final CustomerConversationalNotificationManager customerConversationalNotificationManager;
    private final ErrorResultHelper errorResultHelper;
    private final SetPasswordManager setPasswordManager;
    private final UserManager userManager;
    private final UserUtil userUtil;
    private final ApplicationProperties applicationProperties;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.atlassian.servicedesk.internal.feature.customer.user.ResetPasswordService$1, reason: invalid class name */
    /* loaded from: input_file:com/atlassian/servicedesk/internal/feature/customer/user/ResetPasswordService$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$com$atlassian$jira$user$util$UserUtil$PasswordResetTokenValidation$Status = new int[UserUtil.PasswordResetTokenValidation.Status.values().length];

        static {
            try {
                $SwitchMap$com$atlassian$jira$user$util$UserUtil$PasswordResetTokenValidation$Status[UserUtil.PasswordResetTokenValidation.Status.OK.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$com$atlassian$jira$user$util$UserUtil$PasswordResetTokenValidation$Status[UserUtil.PasswordResetTokenValidation.Status.EXPIRED.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$com$atlassian$jira$user$util$UserUtil$PasswordResetTokenValidation$Status[UserUtil.PasswordResetTokenValidation.Status.UNEQUAL.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    @Autowired
    public ResetPasswordService(CustomerConversationalNotificationManager customerConversationalNotificationManager, ErrorResultHelper errorResultHelper, SetPasswordManager setPasswordManager, UserManager userManager, UserUtil userUtil, ApplicationProperties applicationProperties) {
        this.customerConversationalNotificationManager = customerConversationalNotificationManager;
        this.errorResultHelper = errorResultHelper;
        this.setPasswordManager = setPasswordManager;
        this.userManager = userManager;
        this.userUtil = userUtil;
        this.applicationProperties = applicationProperties;
    }

    public Either<AnError, Integer> forgotPassword(Option<String> option, Option<Portal> option2) {
        return mapIfUserNotFoundError(this.setPasswordManager.validateUser(option).map(checkedUser -> {
            return sendMailForForgotPasswordUsers(checkedUser, option2);
        }));
    }

    public Either<AnError, JSDSuccess> resetPassword(String str, String str2, String str3, HttpServletRequest httpServletRequest) {
        Option<CheckedUser> option = this.setPasswordManager.validateUser(Option.option(str)).toOption();
        return Steps.begin(validateToken(option, Option.option(str3))).then(passwordResetTokenValidation -> {
            return this.setPasswordManager.validateNewPasswords((CheckedUser) option.get(), Option.option(str2));
        }).then((passwordResetTokenValidation2, str4) -> {
            return this.setPasswordManager.setPassword((CheckedUser) option.get(), str4);
        }).yield((passwordResetTokenValidation3, str5, unit) -> {
            return JSDSuccess.success();
        });
    }

    public boolean isPasswordResetSupported() {
        return !isExternalUserManagement() && this.userManager.hasPasswordWritableDirectory();
    }

    private boolean isExternalUserManagement() {
        return this.applicationProperties.getOption("jira.option.user.externalmanagement");
    }

    public UserUtil.PasswordResetTokenValidation validatePasswordResetToken(ApplicationUser applicationUser, Option<String> option) {
        return this.userUtil.validatePasswordResetToken(applicationUser, (String) option.getOrElse(""));
    }

    private Integer sendMailForForgotPasswordUsers(CheckedUser checkedUser, Option<Portal> option) {
        if (this.userManager.canUpdateUserPassword(checkedUser.forJIRA())) {
            sendPasswordResetEmail(checkedUser, option);
            return 2;
        }
        sendCannotChangePasswordEmail(checkedUser, option);
        return 4;
    }

    void sendPasswordResetEmail(CheckedUser checkedUser, Option<Portal> option) {
        this.customerConversationalNotificationManager.sendEmailForResetPassword(checkedUser, option, this.userUtil.generatePasswordResetToken(checkedUser.forJIRA()));
    }

    private void sendCannotChangePasswordEmail(CheckedUser checkedUser, Option<Portal> option) {
        this.customerConversationalNotificationManager.sendEmailForCannotResetPassword(checkedUser, option);
    }

    private Either<AnError, Integer> mapIfUserNotFoundError(Either<AnError, Integer> either) {
        return (either.isLeft() && isUserNotFoundError((AnError) either.left().get())) ? Either.right(2) : either;
    }

    private boolean isUserNotFoundError(AnError anError) {
        return anError.getMessage().getI18n().exists(i18n -> {
            return "sd.resetpassword.error.user.not.found".equals(i18n.getI18nKey());
        });
    }

    private Either<AnError, UserUtil.PasswordResetTokenValidation> validateToken(Option<CheckedUser> option, Option<String> option2) {
        return (Either) option.fold(() -> {
            return Either.left(expiredTokenError());
        }, checkedUser -> {
            return internalValidateToken(checkedUser, (String) option2.getOrElse(""));
        });
    }

    private Either<AnError, UserUtil.PasswordResetTokenValidation> internalValidateToken(CheckedUser checkedUser, String str) {
        UserUtil.PasswordResetTokenValidation validatePasswordResetToken = this.userUtil.validatePasswordResetToken(checkedUser.forJIRA(), str);
        switch (AnonymousClass1.$SwitchMap$com$atlassian$jira$user$util$UserUtil$PasswordResetTokenValidation$Status[validatePasswordResetToken.getStatus().ordinal()]) {
            case 1:
                return Either.right(validatePasswordResetToken);
            case 2:
                return Either.left(expiredTokenError());
            case 3:
                return Either.left(this.errorResultHelper.badRequest400("sd.resetpassword.error.invalid.token", new Object[0]).build());
            default:
                LOG.error("Unexpected status of password reset token validation: " + validatePasswordResetToken.getStatus());
                return Either.left(this.errorResultHelper.internalServiceError500("there is an unknown validation status", new Object[0]).build());
        }
    }

    private AnError expiredTokenError() {
        return this.errorResultHelper.badRequest400("sd.resetpassword.error.token.timedout", new Object[0]).build();
    }
}
