package org.apereo.cas.pm.web.flow;

import java.util.Map;
import java.util.stream.Stream;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.pm.PasswordChangeRequest;
import org.apereo.cas.pm.web.flow.actions.VerifyPasswordResetRequestAction;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.web.flow.actions.ConsumerExecutionAction;
import org.apereo.cas.web.flow.actions.StaticEventExecutionAction;
import org.apereo.cas.web.flow.configurer.AbstractCasWebflowConfigurer;
import org.apereo.cas.web.support.WebUtils;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.webflow.action.SetAction;
import org.springframework.webflow.definition.registry.FlowDefinitionRegistry;
import org.springframework.webflow.engine.ActionState;
import org.springframework.webflow.engine.EndState;
import org.springframework.webflow.engine.Flow;
import org.springframework.webflow.engine.SubflowState;
import org.springframework.webflow.engine.TransitionSet;
import org.springframework.webflow.engine.TransitionableState;
import org.springframework.webflow.engine.ViewState;
import org.springframework.webflow.engine.builder.support.FlowBuilderServices;

/* loaded from: input_file:org/apereo/cas/pm/web/flow/PasswordManagementWebflowConfigurer.class */
public class PasswordManagementWebflowConfigurer extends AbstractCasWebflowConfigurer {
    public static final String FLOW_VAR_ID_PASSWORD = "password";
    public static final String DO_CHANGE_PASSWORD_PARAMETER = "doChangePassword";

    public PasswordManagementWebflowConfigurer(FlowBuilderServices flowBuilderServices, FlowDefinitionRegistry flowDefinitionRegistry, ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties) {
        super(flowBuilderServices, flowDefinitionRegistry, configurableApplicationContext, casConfigurationProperties);
        setOrder(casConfigurationProperties.getAuthn().getPm().getWebflow().getOrder());
    }

    protected void doInitialize() {
        Flow loginFlow = getLoginFlow();
        if (loginFlow != null) {
            createAccountStatusViewStates(loginFlow);
        }
    }

    private void createAccountStatusViewStates(Flow flow) {
        enablePasswordManagementForFlow(flow);
        createViewState(flow, "casAuthenticationBlockedView", "login-error/casAuthenticationBlockedView");
        createViewState(flow, "casBadWorkstationView", "login-error/casBadWorkstationView");
        createViewState(flow, "casBadHoursView", "login-error/casBadHoursView");
        createViewState(flow, "casPasswordUpdateSuccess", "password-reset/casPasswordUpdateSuccessView");
        ViewState createViewState = createViewState(flow, "casAccountLockedView", "login-error/casAccountLockedView");
        ViewState createViewState2 = createViewState(flow, "casAccountDisabledView", "login-error/casAccountDisabledView");
        if (!this.casProperties.getAuthn().getPm().getCore().isEnabled()) {
            createViewState(flow, "casExpiredPassView", "login-error/casExpiredPassView").getEntryActionList().add(createEvaluateAction("initPasswordChangeAction"));
            createViewState(flow, "casMustChangePassView", "login-error/casMustChangePassView").getEntryActionList().add(createEvaluateAction("initPasswordChangeAction"));
            return;
        }
        configurePasswordResetFlow(flow, "casExpiredPassView", "login-error/casExpiredPassView");
        configurePasswordResetFlow(flow, "casMustChangePassView", "login-error/casMustChangePassView");
        configurePasswordMustChangeForAuthnWarnings(flow);
        configurePasswordExpirationWarning(flow);
        createPasswordResetFlow();
        ActionState startState = flow.getStartState();
        prependActionsToActionStateExecutionList(flow, startState.getId(), new String[]{"validatePasswordResetTokenAction"});
        createTransitionForState(startState, "invalidPasswordResetToken", "passwordResetErrorView");
        createViewState(flow, "passwordResetErrorView", "password-reset/casResetPasswordErrorView");
        SetAction createSetAction = createSetAction("viewScope.enableAccountUnlock", "true");
        Stream.of((Object[]) new ViewState[]{createViewState, createViewState2}).forEach(viewState -> {
            viewState.getRenderActionList().add(createSetAction);
            viewState.getEntryActionList().add(createEvaluateAction("accountUnlockStatusPrepareAction"));
        });
        EndState createEndState = createEndState(flow, "casAccountUnlockedView", "login-error/casAccountUnlockedView");
        createTransitionForState(createViewState, "submit", "unlockAccountStatus");
        ActionState createActionState = createActionState(flow, "unlockAccountStatus", new String[]{"accountUnlockStatusAction"});
        createTransitionForState(createActionState, "success", createEndState.getId());
        createTransitionForState(createActionState, "error", createViewState.getId());
        createTransitionForState(createViewState2, "submit", "enableAccountStatus");
        ActionState createActionState2 = createActionState(flow, "enableAccountStatus", new String[]{"accountUnlockStatusAction"});
        createTransitionForState(createActionState2, "success", createEndState.getId());
        createTransitionForState(createActionState2, "error", createViewState2.getId());
    }

    private void configurePasswordExpirationWarning(Flow flow) {
        getTransitionableState(flow, "showAuthenticationWarningMessages").getEntryActionList().add(createEvaluateAction("handlePasswordExpirationWarningMessagesAction"));
    }

    private void configurePasswordMustChangeForAuthnWarnings(Flow flow) {
        TransitionableState transitionableState = getTransitionableState(flow, "showAuthenticationWarningMessages");
        transitionableState.getEntryActionList().add(createEvaluateAction("flowScope.pswdChangePostLogin=true"));
        createTransitionForState(transitionableState, "changePassword", "casMustChangePassView");
    }

    private void createPasswordResetFlow() {
        Flow loginFlow = getLoginFlow();
        if (loginFlow != null) {
            boolean isAutoLogin = this.casProperties.getAuthn().getPm().getCore().isAutoLogin();
            createTransitionForState((ViewState) getState(loginFlow, "viewLoginForm", ViewState.class), "resetPassword", "casResetPasswordSendInstructionsView");
            ViewState createViewState = createViewState(loginFlow, "casResetPasswordSendInstructionsView", "password-reset/casResetPasswordSendInstructionsView");
            createTransitionForState(createViewState, "findAccount", "sendPasswordResetInstructions");
            ActionState createActionState = createActionState(loginFlow, "sendPasswordResetInstructions", new String[]{"sendPasswordResetInstructionsAction"});
            createTransitionForState(createActionState, "success", "casResetPasswordSentInstructionsView");
            createTransitionForState(createActionState, "error", createViewState.getId());
            createViewState(loginFlow, "casResetPasswordSentInstructionsView", "password-reset/casResetPasswordSentInstructionsView");
            registerPasswordResetFlowDefinition();
            ActionState actionState = (ActionState) getState(loginFlow, "initializeLoginForm", ActionState.class);
            String targetStateId = actionState.getTransition("success").getTargetStateId();
            SubflowState createSubflowState = createSubflowState(loginFlow, "pswdResetSubflow", "pswdreset");
            TransitionableState transitionableState = getTransitionableState(loginFlow, "createTicketGrantingTicket");
            transitionableState.getEntryActionList().add(createEvaluateAction(String.join(DO_CHANGE_PASSWORD_PARAMETER, "flowScope.", " = requestParameters.", " != null")));
            createDecisionState(loginFlow, "checkForPswdResetToken", "requestParameters.pswdrst != null", "pswdResetSubflow", targetStateId);
            createTransitionForState(actionState, "success", "checkForPswdResetToken", true);
            createStateDefaultTransition(createActionState(loginFlow, "redirectToLogin", StaticEventExecutionAction.SUCCESS), loginFlow.getStartState().getId());
            createTransitionForState(createSubflowState, "pswdResetComplete", isAutoLogin ? "realSubmit" : "redirectToLogin");
            createDecisionState(loginFlow, "checkDoChangePassword", "flowScope.doChangePassword == true", "casMustChangePassView", transitionableState.getTransition("success").getTargetStateId()).getEntryActionList().add(createEvaluateAction("flowScope.pswdChangePostLogin=true"));
            createTransitionForState(transitionableState, "success", "checkDoChangePassword", true);
            createDecisionState(loginFlow, "postLoginPswdChangeCheck", "flowScope.pswdChangePostLogin == true", getTransitionableState(loginFlow, "showAuthenticationWarningMessages").getTransition("proceed").getTargetStateId(), isAutoLogin ? "realSubmit" : "redirectToLogin");
            createTransitionForState(getTransitionableState(loginFlow, "casPasswordUpdateSuccess"), "proceed", "postLoginPswdChangeCheck");
        }
    }

    private void registerPasswordResetFlowDefinition() {
        Flow buildFlow = buildFlow("pswdreset");
        buildFlow.getStartActionList().add(createEvaluateAction("initialFlowSetupAction"));
        createStateDefaultTransition(createActionState(buildFlow, "initPasswordReset", new String[]{"initPasswordResetAction"}), "casMustChangePassView");
        ActionState createActionState = createActionState(buildFlow, "verifySecurityQuestions", new String[]{"verifySecurityQuestionsAction"});
        createTransitionForState(createActionState, "success", "initPasswordReset");
        createTransitionForState(createActionState, "error", "passwordResetErrorView");
        ActionState createActionState2 = createActionState(buildFlow, "verifyPasswordResetRequest", new String[]{"verifyPasswordResetRequestAction"});
        createTransitionForState(createActionState2, "success", "getSecurityQuestionsView");
        createTransitionForState(createActionState2, "error", "passwordResetErrorView");
        createTransitionForState(createActionState2, VerifyPasswordResetRequestAction.EVENT_ID_SECURITY_QUESTIONS_DISABLED, "initPasswordReset");
        createTransitionForState(createViewState(buildFlow, "getSecurityQuestionsView", "password-reset/casResetPasswordVerifyQuestionsView"), "submit", "verifySecurityQuestions", Map.of("bind", Boolean.FALSE, "validate", Boolean.FALSE));
        enablePasswordManagementForFlow(buildFlow);
        createViewState(buildFlow, "passwordResetErrorView", "password-reset/casResetPasswordErrorView");
        createViewState(buildFlow, "casPasswordUpdateSuccess", "password-reset/casPasswordUpdateSuccessView");
        configurePasswordResetFlow(buildFlow, "casMustChangePassView", "login-error/casMustChangePassView");
        buildFlow.setStartState(createActionState2);
        this.mainFlowDefinitionRegistry.registerFlowDefinition(buildFlow);
        createEndState(buildFlow, "pswdResetComplete");
        createTransitionForState(getTransitionableState(buildFlow, "casPasswordUpdateSuccess"), "proceed", "pswdResetComplete");
    }

    private void enablePasswordManagementForFlow(Flow flow) {
        flow.getStartActionList().add(new ConsumerExecutionAction(requestContext -> {
            WebUtils.putAccountProfileManagementEnabled(requestContext, Boolean.valueOf(this.applicationContext.containsBean("accountProfileFlowRegistry")));
            WebUtils.putPasswordManagementEnabled(requestContext, Boolean.valueOf(this.casProperties.getAuthn().getPm().getCore().isEnabled()));
        }));
    }

    private void configurePasswordResetFlow(Flow flow, String str, String str2) {
        createFlowVariable(flow, FLOW_VAR_ID_PASSWORD, PasswordChangeRequest.class);
        ViewState createViewState = createViewState(flow, str, str2, createStateBinderConfiguration(CollectionUtils.wrapList(new String[]{FLOW_VAR_ID_PASSWORD, "confirmedPassword"})));
        createStateModelBinding(createViewState, FLOW_VAR_ID_PASSWORD, PasswordChangeRequest.class);
        createViewState.getEntryActionList().add(createEvaluateAction("initPasswordChangeAction"));
        createTransitionForState(createViewState, "submit", "passwordChangeAction", Map.of("bind", Boolean.TRUE, "validate", Boolean.TRUE));
        createStateDefaultTransition(createViewState, str);
        TransitionSet transitionSet = createActionState(flow, "passwordChangeAction", createEvaluateAction("passwordChangeAction")).getTransitionSet();
        transitionSet.add(createTransition("passwordUpdateSuccess", "casPasswordUpdateSuccess"));
        transitionSet.add(createTransition("error", str));
    }
}
