package net.nemerosa.ontrack.service.security;

import kotlin.Metadata;
import kotlin.jvm.internal.Intrinsics;
import net.nemerosa.ontrack.model.Ack;
import net.nemerosa.ontrack.model.exceptions.UserOldPasswordException;
import net.nemerosa.ontrack.model.security.OntrackAuthenticatedUser;
import net.nemerosa.ontrack.model.security.SecurityService;
import net.nemerosa.ontrack.model.security.UserService;
import net.nemerosa.ontrack.model.support.PasswordChange;
import net.nemerosa.ontrack.repository.AccountRepository;
import net.nemerosa.ontrack.repository.BuiltinAccount;
import net.nemerosa.ontrack.service.labels.LabelProviderJobSettingsProviderKt;
import org.jetbrains.annotations.NotNull;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;

/* compiled from: UserServiceImpl.kt */
@Metadata(mv = {1, 4, 2}, bv = {1, LabelProviderJobSettingsProviderKt.DEFAULT_LABEL_PROVIDER_JOB_PER_PROJECT, 3}, k = 1, d1 = {"��*\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\b\u0017\u0018��2\u00020\u0001B\u001d\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005\u0012\u0006\u0010\u0006\u001a\u00020\u0007¢\u0006\u0002\u0010\bJ\u0010\u0010\t\u001a\u00020\n2\u0006\u0010\u000b\u001a\u00020\fH\u0016R\u000e\u0010\u0004\u001a\u00020\u0005X\u0092\u0004¢\u0006\u0002\n��R\u000e\u0010\u0006\u001a\u00020\u0007X\u0092\u0004¢\u0006\u0002\n��R\u000e\u0010\u0002\u001a\u00020\u0003X\u0092\u0004¢\u0006\u0002\n��¨\u0006\r"}, d2 = {"Lnet/nemerosa/ontrack/service/security/UserServiceImpl;", "Lnet/nemerosa/ontrack/model/security/UserService;", "securityService", "Lnet/nemerosa/ontrack/model/security/SecurityService;", "accountRepository", "Lnet/nemerosa/ontrack/repository/AccountRepository;", "passwordEncoder", "Lorg/springframework/security/crypto/password/PasswordEncoder;", "(Lnet/nemerosa/ontrack/model/security/SecurityService;Lnet/nemerosa/ontrack/repository/AccountRepository;Lorg/springframework/security/crypto/password/PasswordEncoder;)V", "changePassword", "Lnet/nemerosa/ontrack/model/Ack;", "input", "Lnet/nemerosa/ontrack/model/support/PasswordChange;", "ontrack-service"})
@Service
/* loaded from: input_file:net/nemerosa/ontrack/service/security/UserServiceImpl.class */
public class UserServiceImpl implements UserService {
    private final SecurityService securityService;
    private final AccountRepository accountRepository;
    private final PasswordEncoder passwordEncoder;

    @NotNull
    public Ack changePassword(@NotNull PasswordChange passwordChange) {
        Intrinsics.checkNotNullParameter(passwordChange, "input");
        OntrackAuthenticatedUser currentAccount = this.securityService.getCurrentAccount();
        if (currentAccount == null) {
            throw new AccessDeniedException("Must be logged to change password.");
        }
        if (!currentAccount.getAccount().getAuthenticationSource().isAllowingPasswordChange()) {
            throw new AccessDeniedException("Password change is not allowed from ontrack.");
        }
        if (currentAccount.getAccount().getLocked()) {
            throw new AccessDeniedException("User is locked.");
        }
        BuiltinAccount findBuiltinAccount = this.accountRepository.findBuiltinAccount(currentAccount.getAccount().getName());
        if (findBuiltinAccount == null || findBuiltinAccount.getAccount().id() != currentAccount.getAccount().id()) {
            throw new AccessDeniedException("Cannot find matching user.");
        }
        if (!this.passwordEncoder.matches(passwordChange.getOldPassword(), findBuiltinAccount.getPassword())) {
            throw new UserOldPasswordException();
        }
        AccountRepository accountRepository = this.accountRepository;
        int id = currentAccount.getAccount().id();
        String encode = this.passwordEncoder.encode(passwordChange.getNewPassword());
        Intrinsics.checkNotNullExpressionValue(encode, "passwordEncoder.encode(input.newPassword)");
        accountRepository.setPassword(id, encode);
        Ack ack = Ack.OK;
        Intrinsics.checkNotNullExpressionValue(ack, "if (!user.account.authen…)\n            }\n        }");
        return ack;
    }

    public UserServiceImpl(@NotNull SecurityService securityService, @NotNull AccountRepository accountRepository, @NotNull PasswordEncoder passwordEncoder) {
        Intrinsics.checkNotNullParameter(securityService, "securityService");
        Intrinsics.checkNotNullParameter(accountRepository, "accountRepository");
        Intrinsics.checkNotNullParameter(passwordEncoder, "passwordEncoder");
        this.securityService = securityService;
        this.accountRepository = accountRepository;
        this.passwordEncoder = passwordEncoder;
    }
}
