package org.apereo.cas.pm.web.flow.actions;

import java.util.List;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.pm.PasswordManagementProperties;
import org.apereo.cas.pm.PasswordManagementQuery;
import org.apereo.cas.pm.PasswordManagementService;
import org.apereo.cas.pm.web.flow.PasswordManagementWebflowUtils;
import org.apereo.cas.ticket.TransientSessionTicket;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.apereo.cas.util.LoggingUtils;
import org.apereo.cas.web.support.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.webflow.action.EventFactorySupport;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:org/apereo/cas/pm/web/flow/actions/VerifyPasswordResetRequestAction.class */
public class VerifyPasswordResetRequestAction extends BasePasswordManagementAction {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(VerifyPasswordResetRequestAction.class);
    public static final String EVENT_ID_SECURITY_QUESTIONS_DISABLED = "questionsDisabled";
    private final CasConfigurationProperties casProperties;
    private final PasswordManagementService passwordManagementService;
    private final TicketRegistry ticketRegistry;

    protected Event doExecute(RequestContext requestContext) throws Exception {
        String parameter = WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext).getParameter("pswdrst");
        if (StringUtils.isBlank(parameter)) {
            LOGGER.error("Password reset token is missing");
            return error();
        }
        TransientSessionTicket transientSessionTicket = (TransientSessionTicket) null;
        try {
            try {
                TransientSessionTicket ticket = this.ticketRegistry.getTicket(parameter, TransientSessionTicket.class);
                ticket.update();
                this.ticketRegistry.updateTicket(ticket);
                String obj = ticket.getProperties().get("token").toString();
                String parseToken = this.passwordManagementService.parseToken(obj);
                PasswordManagementQuery build = PasswordManagementQuery.builder().username(parseToken).build();
                PasswordManagementWebflowUtils.putPasswordResetToken(requestContext, obj);
                PasswordManagementProperties pm = this.casProperties.getAuthn().getPm();
                if (pm.getReset().isSecurityQuestionsEnabled()) {
                    List canonicalizeSecurityQuestions = PasswordManagementService.canonicalizeSecurityQuestions(this.passwordManagementService.getSecurityQuestions(build));
                    if (canonicalizeSecurityQuestions.isEmpty()) {
                        LOGGER.warn("No security questions could be found for [{}]", parseToken);
                        Event error = error();
                        if (ticket != null && ticket.getExpirationPolicy().isExpired(ticket)) {
                            this.ticketRegistry.deleteTicket(ticket);
                        }
                        return error;
                    }
                    PasswordManagementWebflowUtils.putPasswordResetSecurityQuestions(requestContext, (List<String>) canonicalizeSecurityQuestions);
                } else {
                    LOGGER.debug("Security questions are not enabled");
                }
                PasswordManagementWebflowUtils.putPasswordResetUsername(requestContext, parseToken);
                PasswordManagementWebflowUtils.putPasswordResetSecurityQuestionsEnabled(requestContext, pm.getReset().isSecurityQuestionsEnabled());
                if (!pm.getReset().isSecurityQuestionsEnabled()) {
                    Event event = new EventFactorySupport().event(this, EVENT_ID_SECURITY_QUESTIONS_DISABLED);
                    if (ticket != null && ticket.getExpirationPolicy().isExpired(ticket)) {
                        this.ticketRegistry.deleteTicket(ticket);
                    }
                    return event;
                }
                LOGGER.trace("Security questions are enabled; proceeding...");
                Event success = success();
                if (ticket != null && ticket.getExpirationPolicy().isExpired(ticket)) {
                    this.ticketRegistry.deleteTicket(ticket);
                }
                return success;
            } catch (Exception e) {
                LoggingUtils.error(LOGGER, "Password reset token could not be located or verified", e);
                Event error2 = error();
                if (transientSessionTicket != null && transientSessionTicket.getExpirationPolicy().isExpired(transientSessionTicket)) {
                    this.ticketRegistry.deleteTicket(transientSessionTicket);
                }
                return error2;
            }
        } catch (Throwable th) {
            if (transientSessionTicket != null && transientSessionTicket.getExpirationPolicy().isExpired(transientSessionTicket)) {
                this.ticketRegistry.deleteTicket(transientSessionTicket);
            }
            throw th;
        }
    }

    @Generated
    public VerifyPasswordResetRequestAction(CasConfigurationProperties casConfigurationProperties, PasswordManagementService passwordManagementService, TicketRegistry ticketRegistry) {
        this.casProperties = casConfigurationProperties;
        this.passwordManagementService = passwordManagementService;
        this.ticketRegistry = ticketRegistry;
    }
}
