package net.yadaframework.security.web;

import jakarta.annotation.PostConstruct;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;
import java.util.List;
import java.util.Locale;
import net.yadaframework.components.YadaNotify;
import net.yadaframework.core.YadaConfiguration;
import net.yadaframework.core.YadaRegistrationType;
import net.yadaframework.exceptions.YadaInternalException;
import net.yadaframework.security.components.YadaAuthenticationFailureHandler;
import net.yadaframework.security.components.YadaSecurityEmailService;
import net.yadaframework.security.components.YadaSecurityUtil;
import net.yadaframework.security.components.YadaTokenHandler;
import net.yadaframework.security.components.YadaUserDetailsService;
import net.yadaframework.security.persistence.entity.YadaRegistrationRequest;
import net.yadaframework.security.persistence.entity.YadaUserCredentials;
import net.yadaframework.security.persistence.entity.YadaUserProfile;
import net.yadaframework.security.persistence.repository.YadaRegistrationRequestDao;
import net.yadaframework.security.persistence.repository.YadaUserCredentialsDao;
import net.yadaframework.security.persistence.repository.YadaUserProfileDao;
import net.yadaframework.web.form.YadaFormPasswordChange;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.validation.BindingResult;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.servlet.mvc.support.RedirectAttributes;

@Controller
/* loaded from: input_file:net/yadaframework/security/web/YadaRegistrationController.class */
public class YadaRegistrationController {

    @Autowired
    private YadaUserCredentialsDao yadaUserCredentialsDao;

    @Autowired
    private YadaUserProfileDao yadaUserProfileDao;

    @Autowired
    private YadaSecurityUtil yadaSecurityUtil;

    @Autowired
    private YadaRegistrationRequestDao yadaRegistrationRequestDao;

    @Autowired
    private YadaSecurityEmailService yadaSecurityEmailService;

    @Autowired
    private YadaTokenHandler yadaTokenHandler;

    @Autowired
    private YadaUserDetailsService yadaUserDetailsService;

    @Autowired
    private YadaConfiguration yadaConfiguration;

    @Autowired
    private YadaNotify yadaNotify;
    private final transient Logger log = LoggerFactory.getLogger(getClass());
    private PasswordEncoder passwordEncoder = null;

    /* loaded from: input_file:net/yadaframework/security/web/YadaRegistrationController$YadaChangeUsernameOutcome.class */
    public class YadaChangeUsernameOutcome {
        public YadaChangeUsernameResult resultCode;
        public String newUsername;

        public YadaChangeUsernameOutcome() {
        }

        YadaChangeUsernameOutcome setCode(YadaChangeUsernameResult yadaChangeUsernameResult) {
            this.resultCode = yadaChangeUsernameResult;
            return this;
        }
    }

    /* loaded from: input_file:net/yadaframework/security/web/YadaRegistrationController$YadaChangeUsernameResult.class */
    public enum YadaChangeUsernameResult {
        OK,
        ERROR,
        REQUEST_INVALID,
        LINK_EXPIRED,
        USER_EXISTS
    }

    /* loaded from: input_file:net/yadaframework/security/web/YadaRegistrationController$YadaRegistrationOutcome.class */
    public class YadaRegistrationOutcome<T extends YadaUserProfile, R extends YadaRegistrationRequest> {
        public YadaRegistrationStatus registrationStatus;
        public T userProfile;
        public String email;
        public R yadaRegistrationRequest;

        public YadaRegistrationOutcome() {
        }
    }

    /* loaded from: input_file:net/yadaframework/security/web/YadaRegistrationController$YadaRegistrationStatus.class */
    public enum YadaRegistrationStatus {
        OK,
        ERROR,
        REQUEST_INVALID,
        LINK_EXPIRED,
        USER_EXISTS
    }

    @PostConstruct
    public void init() {
        if (this.yadaConfiguration.encodePassword()) {
            this.passwordEncoder = new BCryptPasswordEncoder();
        }
    }

    public <T extends YadaUserProfile, R extends YadaRegistrationRequest> YadaRegistrationOutcome<T, R> handleRegistrationConfirmation(String str, String[] strArr, Locale locale, HttpSession httpSession, Class<T> cls, Class<R> cls2) {
        try {
            httpSession.invalidate();
        } catch (Exception e) {
            this.log.debug("Error invalidating session at user registration (ignored)", e);
        }
        YadaRegistrationOutcome<T, R> yadaRegistrationOutcome = new YadaRegistrationOutcome<>();
        long[] parseLink = this.yadaTokenHandler.parseLink(str);
        try {
        } catch (Exception e2) {
            yadaRegistrationOutcome.registrationStatus = YadaRegistrationStatus.ERROR;
            this.log.error("Registration of token {} failed", str, e2);
        }
        if (parseLink == null) {
            yadaRegistrationOutcome.registrationStatus = YadaRegistrationStatus.REQUEST_INVALID;
            this.log.error("Invalid registration url");
            return yadaRegistrationOutcome;
        }
        List<R> findByIdAndTokenOrderByTimestampDesc = this.yadaRegistrationRequestDao.findByIdAndTokenOrderByTimestampDesc(parseLink[0], parseLink[1], cls2);
        if (findByIdAndTokenOrderByTimestampDesc.isEmpty()) {
            this.log.warn("registrationRequests.isEmpty()");
            yadaRegistrationOutcome.registrationStatus = YadaRegistrationStatus.LINK_EXPIRED;
            return yadaRegistrationOutcome;
        }
        R r = findByIdAndTokenOrderByTimestampDesc.get(0);
        String lowerCase = r.getEmail().toLowerCase(Locale.ROOT);
        yadaRegistrationOutcome.email = lowerCase;
        yadaRegistrationOutcome.yadaRegistrationRequest = r;
        if (this.yadaUserCredentialsDao.findFirstByUsername(lowerCase) != null) {
            this.log.warn("Email '{}' already exists", lowerCase);
            yadaRegistrationOutcome.registrationStatus = YadaRegistrationStatus.USER_EXISTS;
            return yadaRegistrationOutcome;
        }
        T t = (T) createNewUser(r.getEmail(), r.getPassword(), strArr, locale, cls);
        yadaRegistrationOutcome.userProfile = t;
        this.yadaRegistrationRequestDao.delete(r);
        this.yadaUserDetailsService.authenticateAs(t.getUserCredentials());
        this.log.info("Registration of '{}' successful", lowerCase);
        yadaRegistrationOutcome.registrationStatus = YadaRegistrationStatus.OK;
        return yadaRegistrationOutcome;
    }

    public <T extends YadaUserProfile> T createNewUser(String str, String str2, String[] strArr, Locale locale, Class<T> cls) {
        try {
            YadaUserCredentials yadaUserCredentials = new YadaUserCredentials();
            yadaUserCredentials.setUsername(str.toLowerCase());
            yadaUserCredentials.changePassword(str2, this.passwordEncoder);
            yadaUserCredentials.setEnabled(true);
            yadaUserCredentials.addRoles(this.yadaConfiguration.getRoleIds(strArr));
            T newInstance = cls.newInstance();
            newInstance.setLocale(locale);
            newInstance.setUserCredentials(yadaUserCredentials);
            return (T) this.yadaUserProfileDao.save(newInstance);
        } catch (IllegalAccessException | InstantiationException e) {
            throw new YadaInternalException("Can't create instance of {}", new Object[]{cls});
        }
    }

    public boolean handleRegistrationRequest(YadaRegistrationRequest yadaRegistrationRequest, BindingResult bindingResult, Model model, HttpServletRequest httpServletRequest, Locale locale) {
        String email = yadaRegistrationRequest.getEmail();
        if (StringUtils.isBlank(email) || email.indexOf("@") < 0 || email.indexOf(".") < 0 || this.yadaConfiguration.emailBlacklisted(email)) {
            bindingResult.rejectValue("email", "yada.form.registration.email.invalid");
        } else {
            email = email.toLowerCase(Locale.ROOT);
            yadaRegistrationRequest.setEmail(email);
        }
        if (this.yadaUserCredentialsDao.findFirstByUsername(email) != null) {
            this.log.debug("Email {} already found in database while registering new user", email);
            bindingResult.rejectValue("email", "yada.form.registration.username.exists");
            model.addAttribute("yadaUserExists", true);
        }
        if (!this.yadaUserDetailsService.validatePasswordSyntax(yadaRegistrationRequest.getPassword())) {
            bindingResult.rejectValue(YadaAuthenticationFailureHandler.REQUESTATTR_PASSWORD, "yada.form.registration.password.length", new Object[]{Integer.valueOf(this.yadaConfiguration.getMinPasswordLength()), Integer.valueOf(this.yadaConfiguration.getMaxPasswordLength())}, "Wrong password length");
        }
        if (bindingResult.hasErrors()) {
            return false;
        }
        yadaRegistrationRequest.setRegistrationType(YadaRegistrationType.REGISTRATION);
        this.yadaSecurityUtil.registrationRequestCleanup(yadaRegistrationRequest);
        YadaRegistrationRequest save = this.yadaRegistrationRequestDao.save(yadaRegistrationRequest);
        if (this.yadaSecurityEmailService.sendRegistrationConfirmation(save, null, httpServletRequest, locale)) {
            return true;
        }
        this.log.debug("Registration mail not sent to {}", email);
        if (this.yadaConfiguration.isDevelopmentEnvironment()) {
            this.log.debug("Registration request still valid in development: copy&paste the registration url");
        } else {
            this.yadaRegistrationRequestDao.delete(save);
        }
        bindingResult.rejectValue("email", "yada.form.registration.email.failed");
        return false;
    }

    @RequestMapping({"/passwordChangeAfterRequest"})
    public String passwordChangeAfterRequest(YadaFormPasswordChange yadaFormPasswordChange, BindingResult bindingResult, Model model, Locale locale) {
        if (!this.yadaUserDetailsService.validatePasswordSyntax(yadaFormPasswordChange.getPassword())) {
            bindingResult.rejectValue(YadaAuthenticationFailureHandler.REQUESTATTR_PASSWORD, "validation.password.length", new Object[]{Integer.valueOf(this.yadaConfiguration.getMinPasswordLength()), Integer.valueOf(this.yadaConfiguration.getMaxPasswordLength())}, "Wrong password length");
            return "/yada/modalPasswordChange";
        }
        if (this.yadaSecurityUtil.performPasswordChange(yadaFormPasswordChange)) {
            this.log.info("Password changed for user '{}'", yadaFormPasswordChange.getUsername());
            this.yadaNotify.titleKey(model, locale, new String[]{"yada.pwdreset.done.title"}).ok().messageKey(new String[]{"yada.pwdreset.done.message"}).redirectOnClose("/").add();
            model.addAttribute("pwdChangeOk", "pwdChangeOk");
        } else {
            this.log.error("Password change failed for user '{}'", yadaFormPasswordChange.getUsername());
            model.addAttribute("fatalError", "fatalError");
            this.yadaNotify.titleKey(model, locale, new String[]{"yada.pwdreset.failed.title"}).error().messageKey(new String[]{"yada.pwdreset.failed.message"}).add();
        }
        return this.yadaNotify.getViewName();
    }

    @RequestMapping({"/yadaPasswordChangeModal/{token}/{username}/end"})
    @Deprecated
    public String passwordChangeModal(@PathVariable String str, @PathVariable String str2, @ModelAttribute YadaFormPasswordChange yadaFormPasswordChange) {
        return "/yada/modalPasswordChange";
    }

    public boolean passwordResetForm(String str, Model model, RedirectAttributes redirectAttributes) {
        long[] parseLink = this.yadaTokenHandler.parseLink(str);
        if (parseLink == null) {
            return false;
        }
        List findByIdAndTokenOrderByTimestampDesc = this.yadaRegistrationRequestDao.findByIdAndTokenOrderByTimestampDesc(parseLink[0], parseLink[1], YadaRegistrationRequest.class);
        if (findByIdAndTokenOrderByTimestampDesc.isEmpty()) {
            return false;
        }
        model.addAttribute(YadaAuthenticationFailureHandler.REQUESTATTR_USERNAME, ((YadaRegistrationRequest) findByIdAndTokenOrderByTimestampDesc.get(0)).getEmail());
        model.addAttribute("token", str);
        model.addAttribute("dialogType", "passwordRecovery");
        return true;
    }

    @RequestMapping({"/yadaPasswordResetPost"})
    public String yadaPasswordResetPost(YadaRegistrationRequest yadaRegistrationRequest, BindingResult bindingResult, Locale locale, RedirectAttributes redirectAttributes, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (yadaRegistrationRequest == null || yadaRegistrationRequest.getEmail() == null) {
            return "redirect:/passwordReset";
        }
        if (this.yadaUserCredentialsDao.findFirstByUsername(StringUtils.trimToEmpty(yadaRegistrationRequest.getEmail()).toLowerCase(Locale.ROOT)) == null) {
            bindingResult.rejectValue("email", "yada.passwordrecover.username.notfound");
            return "/passwordReset";
        }
        yadaRegistrationRequest.setRegistrationType(YadaRegistrationType.PASSWORD_RECOVERY);
        this.yadaSecurityUtil.registrationRequestCleanup(yadaRegistrationRequest);
        YadaRegistrationRequest save = this.yadaRegistrationRequestDao.save(yadaRegistrationRequest);
        if (this.yadaSecurityEmailService.sendPasswordRecovery(save, httpServletRequest, locale)) {
            this.yadaNotify.titleKey(redirectAttributes, locale, new String[]{"yada.email.passwordrecover.title"}).ok().messageKey(new String[]{"yada.email.passwordrecover.message"}).add();
            return "redirect:" + this.yadaConfiguration.getPasswordResetSent(locale);
        }
        this.yadaRegistrationRequestDao.delete(save);
        this.log.debug("Sending email to {} failed while resetting password", save.getEmail());
        bindingResult.rejectValue("email", "yada.email.send.failed");
        return "/passwordReset";
    }

    public YadaChangeUsernameOutcome changeUsername(String str) {
        YadaChangeUsernameOutcome yadaChangeUsernameOutcome = new YadaChangeUsernameOutcome();
        long[] parseLink = this.yadaTokenHandler.parseLink(str);
        try {
            if (parseLink == null) {
                return yadaChangeUsernameOutcome.setCode(YadaChangeUsernameResult.REQUEST_INVALID);
            }
            List findByIdAndTokenOrderByTimestampDesc = this.yadaRegistrationRequestDao.findByIdAndTokenOrderByTimestampDesc(parseLink[0], parseLink[1], YadaRegistrationRequest.class);
            if (findByIdAndTokenOrderByTimestampDesc.isEmpty()) {
                return yadaChangeUsernameOutcome.setCode(YadaChangeUsernameResult.LINK_EXPIRED);
            }
            YadaRegistrationRequest yadaRegistrationRequest = (YadaRegistrationRequest) findByIdAndTokenOrderByTimestampDesc.get(0);
            String email = yadaRegistrationRequest.getEmail();
            yadaChangeUsernameOutcome.newUsername = email;
            if (this.yadaUserCredentialsDao.findFirstByUsername(email.toLowerCase(Locale.ROOT)) != null) {
                this.yadaRegistrationRequestDao.delete(yadaRegistrationRequest);
                return yadaChangeUsernameOutcome.setCode(YadaChangeUsernameResult.USER_EXISTS);
            }
            String username = yadaRegistrationRequest.getYadaUserCredentials().getUsername();
            this.yadaRegistrationRequestDao.delete(yadaRegistrationRequest);
            return !this.yadaUserCredentialsDao.changeUsername(username, email) ? yadaChangeUsernameOutcome.setCode(YadaChangeUsernameResult.ERROR) : yadaChangeUsernameOutcome.setCode(YadaChangeUsernameResult.OK);
        } catch (Exception e) {
            this.log.debug("Can't change username", e);
            return yadaChangeUsernameOutcome.setCode(YadaChangeUsernameResult.ERROR);
        }
    }
}
