package org.apereo.cas.pm.web.flow.actions;

import java.util.List;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.pm.PasswordManagementProperties;
import org.apereo.cas.pm.BasePasswordManagementService;
import org.apereo.cas.pm.PasswordManagementService;
import org.apereo.cas.pm.web.flow.PasswordManagementWebflowUtils;
import org.apereo.cas.ticket.TransientSessionTicket;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.apereo.cas.web.support.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.webflow.action.AbstractAction;
import org.springframework.webflow.action.EventFactorySupport;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:org/apereo/cas/pm/web/flow/actions/VerifyPasswordResetRequestAction.class */
public class VerifyPasswordResetRequestAction extends AbstractAction {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(VerifyPasswordResetRequestAction.class);
    private final CasConfigurationProperties casProperties;
    private final PasswordManagementService passwordManagementService;
    private final TicketRegistry ticketRegistry;

    protected Event doExecute(RequestContext requestContext) {
        String parameter = WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext).getParameter(PasswordManagementWebflowUtils.REQUEST_PARAMETER_NAME_PASSWORD_RESET_TOKEN);
        if (StringUtils.isBlank(parameter)) {
            LOGGER.error("Password reset token is missing");
            return error();
        }
        TransientSessionTicket ticket = this.ticketRegistry.getTicket(parameter, TransientSessionTicket.class);
        if (ticket == null) {
            LOGGER.error("Unable to locate token [{}] in the ticket registry", parameter);
            return error();
        }
        String obj = ticket.getProperties().get(PasswordManagementWebflowUtils.FLOWSCOPE_PARAMETER_NAME_TOKEN).toString();
        String parseToken = this.passwordManagementService.parseToken(obj);
        if (StringUtils.isBlank(parseToken)) {
            LOGGER.error("Password reset token could not be verified");
            return error();
        }
        this.ticketRegistry.deleteTicket(ticket);
        PasswordManagementWebflowUtils.putPasswordResetToken(requestContext, obj);
        PasswordManagementProperties pm = this.casProperties.getAuthn().getPm();
        if (pm.getReset().isSecurityQuestionsEnabled()) {
            List canonicalizeSecurityQuestions = BasePasswordManagementService.canonicalizeSecurityQuestions(this.passwordManagementService.getSecurityQuestions(parseToken));
            if (canonicalizeSecurityQuestions.isEmpty()) {
                LOGGER.warn("No security questions could be found for [{}]", parseToken);
                return error();
            }
            PasswordManagementWebflowUtils.putPasswordResetSecurityQuestions(requestContext, canonicalizeSecurityQuestions);
        } else {
            LOGGER.debug("Security questions are not enabled");
        }
        PasswordManagementWebflowUtils.putPasswordResetUsername(requestContext, parseToken);
        PasswordManagementWebflowUtils.putPasswordResetSecurityQuestionsEnabled(requestContext, pm.getReset().isSecurityQuestionsEnabled());
        return pm.getReset().isSecurityQuestionsEnabled() ? success() : new EventFactorySupport().event(this, "questionsDisabled");
    }

    @Generated
    public VerifyPasswordResetRequestAction(CasConfigurationProperties casConfigurationProperties, PasswordManagementService passwordManagementService, TicketRegistry ticketRegistry) {
        this.casProperties = casConfigurationProperties;
        this.passwordManagementService = passwordManagementService;
        this.ticketRegistry = ticketRegistry;
    }
}
