package org.apereo.cas.pm.web.flow;

import java.util.Map;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.pm.PasswordChangeRequest;
import org.apereo.cas.pm.web.flow.actions.VerifyPasswordResetRequestAction;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.web.flow.actions.StaticEventExecutionAction;
import org.apereo.cas.web.flow.configurer.AbstractCasWebflowConfigurer;
import org.apereo.cas.web.support.WebUtils;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.webflow.definition.registry.FlowDefinitionRegistry;
import org.springframework.webflow.engine.ActionState;
import org.springframework.webflow.engine.Flow;
import org.springframework.webflow.engine.SubflowState;
import org.springframework.webflow.engine.TransitionSet;
import org.springframework.webflow.engine.TransitionableState;
import org.springframework.webflow.engine.ViewState;
import org.springframework.webflow.engine.builder.support.FlowBuilderServices;

/* loaded from: input_file:org/apereo/cas/pm/web/flow/PasswordManagementWebflowConfigurer.class */
public class PasswordManagementWebflowConfigurer extends AbstractCasWebflowConfigurer {
    public static final String FLOW_ID_PASSWORD_RESET = "pswdreset";
    public static final String FLOW_VAR_ID_PASSWORD = "password";
    public static final String DO_CHANGE_PASSWORD_PARAMETER = "doChangePassword";

    public PasswordManagementWebflowConfigurer(FlowBuilderServices flowBuilderServices, FlowDefinitionRegistry flowDefinitionRegistry, ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties) {
        super(flowBuilderServices, flowDefinitionRegistry, configurableApplicationContext, casConfigurationProperties);
        setOrder(casConfigurationProperties.getAuthn().getPm().getWebflow().getOrder());
    }

    protected void doInitialize() {
        Flow loginFlow = getLoginFlow();
        if (loginFlow != null) {
            createAccountStatusViewStates(loginFlow);
        }
    }

    private void createAccountStatusViewStates(Flow flow) {
        flow.getStartActionList().add(requestContext -> {
            WebUtils.putPasswordManagementEnabled(requestContext, Boolean.valueOf(this.casProperties.getAuthn().getPm().isEnabled()));
            return null;
        });
        createViewState(flow, "casAuthenticationBlockedView", "casAuthenticationBlockedView");
        createViewState(flow, "casBadWorkstationView", "casBadWorkstationView");
        createViewState(flow, "casBadHoursView", "casBadHoursView");
        createViewState(flow, "casAccountLockedView", "casAccountLockedView");
        createViewState(flow, "casAccountDisabledView", "casAccountDisabledView");
        createViewState(flow, "casPasswordUpdateSuccess", "casPasswordUpdateSuccessView");
        if (!this.casProperties.getAuthn().getPm().isEnabled()) {
            createViewState(flow, "casExpiredPassView", "casExpiredPassView");
            createViewState(flow, "casMustChangePassView", "casMustChangePassView");
            return;
        }
        configurePasswordResetFlow(flow, "casExpiredPassView");
        configurePasswordResetFlow(flow, "casMustChangePassView");
        configurePasswordMustChangeForAuthnWarnings(flow);
        configurePasswordExpirationWarning(flow);
        createPasswordResetFlow();
        ActionState startState = flow.getStartState();
        prependActionsToActionStateExecutionList(flow, startState.getId(), new String[]{"validatePasswordResetTokenAction"});
        createTransitionForState(startState, "invalidPasswordResetToken", "passwordResetErrorView");
        createViewState(flow, "passwordResetErrorView", "casResetPasswordErrorView");
    }

    private void configurePasswordExpirationWarning(Flow flow) {
        getTransitionableState(flow, "showAuthenticationWarningMessages").getEntryActionList().add(createEvaluateAction("handlePasswordExpirationWarningMessagesAction"));
    }

    private void configurePasswordMustChangeForAuthnWarnings(Flow flow) {
        TransitionableState transitionableState = getTransitionableState(flow, "showAuthenticationWarningMessages");
        transitionableState.getEntryActionList().add(createEvaluateAction("flowScope.pswdChangePostLogin=true"));
        createTransitionForState(transitionableState, "changePassword", "casMustChangePassView");
    }

    private void createPasswordResetFlow() {
        Flow loginFlow = getLoginFlow();
        if (loginFlow != null) {
            boolean isAutoLogin = this.casProperties.getAuthn().getPm().isAutoLogin();
            ViewState viewState = (ViewState) getState(loginFlow, "viewLoginForm", ViewState.class);
            createTransitionForState(viewState, "resetPassword", "casResetPasswordSendInstructionsView");
            createTransitionForState(viewState, "forgotUsername", "casForgotUsernameSendInfoView");
            ViewState createViewState = createViewState(loginFlow, "casForgotUsernameSendInfoView", "casForgotUsernameSendInfoView");
            createTransitionForState(createViewState, "findUsername", "sendForgotUsernameInstructions");
            ActionState createActionState = createActionState(loginFlow, "sendForgotUsernameInstructions", "sendForgotUsernameInstructionsAction");
            createTransitionForState(createActionState, "success", "casForgotUsernameSentInfoView");
            createTransitionForState(createActionState, "error", createViewState.getId());
            createViewState(loginFlow, "casForgotUsernameSentInfoView", "casForgotUsernameSentInfoView");
            ViewState createViewState2 = createViewState(loginFlow, "casResetPasswordSendInstructionsView", "casResetPasswordSendInstructionsView");
            createTransitionForState(createViewState2, "findAccount", "sendPasswordResetInstructions");
            ActionState createActionState2 = createActionState(loginFlow, "sendPasswordResetInstructions", "sendPasswordResetInstructionsAction");
            createTransitionForState(createActionState2, "success", "casResetPasswordSentInstructionsView");
            createTransitionForState(createActionState2, "error", createViewState2.getId());
            createViewState(loginFlow, "casResetPasswordSentInstructionsView", "casResetPasswordSentInstructionsView");
            registerPasswordResetFlowDefinition();
            ActionState actionState = (ActionState) getState(loginFlow, "initializeLoginForm", ActionState.class);
            String targetStateId = actionState.getTransition("success").getTargetStateId();
            SubflowState createSubflowState = createSubflowState(loginFlow, "pswdResetSubflow", FLOW_ID_PASSWORD_RESET);
            TransitionableState transitionableState = getTransitionableState(loginFlow, "createTicketGrantingTicket");
            transitionableState.getEntryActionList().add(createEvaluateAction(String.join(DO_CHANGE_PASSWORD_PARAMETER, "flowScope.", " = requestParameters.", " != null")));
            createDecisionState(loginFlow, "checkForPswdResetToken", "requestParameters.pswdrst != null", "pswdResetSubflow", targetStateId);
            createTransitionForState(actionState, "success", "checkForPswdResetToken", true);
            createStateDefaultTransition(createActionState(loginFlow, "redirectToLogin", StaticEventExecutionAction.SUCCESS), loginFlow.getStartState().getId());
            createTransitionForState(createSubflowState, "pswdResetComplete", isAutoLogin ? "realSubmit" : "redirectToLogin");
            createDecisionState(loginFlow, "checkDoChangePassword", "flowScope.doChangePassword == true", "casMustChangePassView", transitionableState.getTransition("success").getTargetStateId()).getEntryActionList().add(createEvaluateAction("flowScope.pswdChangePostLogin=true"));
            createTransitionForState(transitionableState, "success", "checkDoChangePassword", true);
            createDecisionState(loginFlow, "postLoginPswdChangeCheck", "flowScope.pswdChangePostLogin == true", getTransitionableState(loginFlow, "showAuthenticationWarningMessages").getTransition("proceed").getTargetStateId(), isAutoLogin ? "realSubmit" : "redirectToLogin");
            createTransitionForState(getTransitionableState(loginFlow, "casPasswordUpdateSuccess"), "proceed", "postLoginPswdChangeCheck");
        }
    }

    private void registerPasswordResetFlowDefinition() {
        Flow buildFlow = buildFlow("classpath:/webflow/pswdreset/pswdreset-webflow.xml", FLOW_ID_PASSWORD_RESET);
        buildFlow.getStartActionList().add(createEvaluateAction("initialFlowSetupAction"));
        createStateDefaultTransition(createActionState(buildFlow, "initPasswordReset", "initPasswordResetAction"), "casMustChangePassView");
        ActionState createActionState = createActionState(buildFlow, "verifySecurityQuestions", "verifySecurityQuestionsAction");
        createTransitionForState(createActionState, "success", "initPasswordReset");
        createTransitionForState(createActionState, "error", "passwordResetErrorView");
        ActionState createActionState2 = createActionState(buildFlow, "verifyPasswordResetRequest", "verifyPasswordResetRequestAction");
        createTransitionForState(createActionState2, "success", "getSecurityQuestionsView");
        createTransitionForState(createActionState2, "error", "passwordResetErrorView");
        createTransitionForState(createActionState2, VerifyPasswordResetRequestAction.EVENT_ID_SECURITY_QUESTIONS_DISABLED, "initPasswordReset");
        createTransitionForState(createViewState(buildFlow, "getSecurityQuestionsView", "casResetPasswordVerifyQuestionsView"), "submit", "verifySecurityQuestions", Map.of("bind", Boolean.FALSE, "validate", Boolean.FALSE));
        buildFlow.getStartActionList().add(requestContext -> {
            WebUtils.putPasswordManagementEnabled(requestContext, Boolean.valueOf(this.casProperties.getAuthn().getPm().isEnabled()));
            return null;
        });
        createViewState(buildFlow, "passwordResetErrorView", "casResetPasswordErrorView");
        createViewState(buildFlow, "casPasswordUpdateSuccess", "casPasswordUpdateSuccessView");
        configurePasswordResetFlow(buildFlow, "casMustChangePassView");
        buildFlow.setStartState(createActionState2);
        this.mainFlowDefinitionRegistry.registerFlowDefinition(buildFlow);
        createEndState(buildFlow, "pswdResetComplete");
        createTransitionForState(getTransitionableState(buildFlow, "casPasswordUpdateSuccess"), "proceed", "pswdResetComplete");
    }

    private void configurePasswordResetFlow(Flow flow, String str) {
        createFlowVariable(flow, FLOW_VAR_ID_PASSWORD, PasswordChangeRequest.class);
        ViewState createViewState = createViewState(flow, str, str, createStateBinderConfiguration(CollectionUtils.wrapList(new String[]{FLOW_VAR_ID_PASSWORD, "confirmedPassword"})));
        createStateModelBinding(createViewState, FLOW_VAR_ID_PASSWORD, PasswordChangeRequest.class);
        createViewState.getEntryActionList().add(createEvaluateAction("initPasswordChangeAction"));
        createTransitionForState(createViewState, "submit", "passwordChangeAction", Map.of("bind", Boolean.TRUE, "validate", Boolean.TRUE));
        createStateDefaultTransition(createViewState, str);
        TransitionSet transitionSet = createActionState(flow, "passwordChangeAction", createEvaluateAction("passwordChangeAction")).getTransitionSet();
        transitionSet.add(createTransition("passwordUpdateSuccess", "casPasswordUpdateSuccess"));
        transitionSet.add(createTransition("error", str));
    }
}
